[Solved] PC with multiple serious infections

 

yangxiao
Occasional poster (50 to 99 messages posted)
Posted on 24/05/2008 at 11:44:18

Hello,

I went to my little brother's place to use his PC, which runs the Chinese version of WinXP Pro. He told me that his PC has had many problems for some time and that Windows startup is very slow. So I took his PC to have a closer look.

I found that his PC was heavily infected and its hard disk fairly full. I started by cleaning up the registry and the temporary Internet files, etc. I also saw that there was an old antivirus that I don't know, so I uninstalled it to try to install another, up-to-date antivirus and scan the PC for viral infections, but it is impossible to install an antivirus (Antivir, AVG antivirus): it crashes or shows an error message during installation.

However, I was able to install anti-malware tools (Spybot/Ad square); I was able to scan and remove some of the malware, but for certain files, when I try to delete them, the program crashes.

And when I tried to restart the PC in safe mode, that was impossible too: the PC reboots when it tries to start in safe mode -__- So I can only boot in normal mode, and when I get into WinXP in normal mode, startup is indeed quite long and I get errors from Rundll that are not necessarily readable; in short, the works... If you can help me, thank you.

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 24/05/2008 at 12:22:31

:hello: Hello,

Before starting the disinfection proper, let's go over a few important points that will allow us to work together effectively and, above all, prevent possible damage to your computer.

  • Above all, don't be afraid to ask your questions! There are no stupid questions. On the contrary, the stupid question is the one that isn't asked: you must do nothing when in doubt.
  • Please carry out the procedures I give you in the order in which I posted them. If you ever cannot complete a step, or you are not sure of what you are doing, please stop the procedure and let me know.
  • NEVER FIX anything on your own initiative in HijackThis or other programs. This can be very dangerous and could cause irreversible damage to your system. If you ever see entries, files, folders, programs, etc. that you are not sure about, don't hesitate to ask me.

N.B.:
Please bear in mind that we are volunteers and that we have private lives. So please be patient while waiting for a reply; we are not in the habit of leaving users stranded.

***

Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.

N.B.: If during the download and/or installation you get an alert from your antivirus, ignore it. Some components of DSS may be detected as a virus by some antivirus programs.

N.B.: You must be logged in with Administrator rights.

  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)

  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
Caution: if you take too long, the Abort answer will be selected automatically

  • when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (look at the taskbar)
If this is a subsequent use of DSS:

  • you will get no dialog box (no OK)
  • when processing is finished, one text file is displayed:
main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)
  • don't forget to re-enable the protections if they were stopped.

What DSS does:

  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security advisor. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

;)
yangxiao
Occasional poster (50 to 99 messages posted)
Posted on 24/05/2008 at 14:57:35

I followed your instructions as you indicated; everything goes well until the program reaches the "Examining Registry" stage. It seems to crash at that point, so it is impossible to finish the process... I'm having trouble typing, sorry: his keyboard is AZERTY but his system is set to QWERTY....

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 24/05/2008 at 15:02:02

Re,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it.
  • Accept the license by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.

;)

yangxiao
Occasional poster (50 to 99 messages posted)
Posted on 24/05/2008 at 16:01:40

Re, here is the report that I struggled to produce: {indeed it's a mess, old antivirus traces, etc.}

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 24/05/2008 at 21:11:11

:hello: Good evening,

Wow :S This is no longer a PC but a real virus nest! There are more harmful lines than good ones in this report :pt1cable:

So we're going to hit hard straight away! :whistle:

N.B.: Given the level of infection, I can't guarantee that I will manage to get it back on its feet; we'll see :super:

***

==> Disable all resident protection (antivirus…)! Help here: http://forum.pcastuces.com/des [...] -f31s4.htm

  • Save it to your desktop and nowhere else!

  • Disconnect from the Internet and close all running programs.
  • Double-click combofix.exe (the .exe may not be shown).
  • It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
  • Let ComboFix work: so don't do anything else at the same time! And above all don't click on the window with your mouse, at the risk of crashing the PC.
  • Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

N.B.: The scan may take several hours given the level of infection... On average it takes 15 to 30 minutes :)

Help: A guide and a tutorial on using ComboFix

==> Copy/paste a new HijackThis report along with it.

;)

k1ks
Regular (5,000 to 9,999 messages posted)
Posted on 24/05/2008 at 21:42:00

Hi, hi!!! :hello:

Sorry, just to follow!!! :)

Thanks!!! :super:

++

yangxiao
Occasional poster (50 to 99 messages posted)
Posted on 25/05/2008 at 00:53:31

Re, I'm posting this message from another PC (it feels good to be able to type on a real keyboard with the AZERTY layout). I did what you asked; however, I really struggled because I had to restart the PC several times until I hit the "right" boot for the programs to work properly :ouch: I actually brought it to my place so that I could run the scan overnight, so it no longer has an Internet connection.

Although the ComboFix scan ran through to the end, there were still a few details that I'll mention to you:

- when I ran ComboFix I did not get the window with the message where you had to answer with the 1 key and Enter to confirm; it went straight on to the next step.
- while ComboFix was doing its work, the blue window should normally display the steps, but that was not the case: the blue window was empty. I was afraid it might have crashed, but in fact no: the PC rebooted afterwards, it finished its work and created its report.

So here is the ComboFix report:

 C:\WINDOWS\system32\tcpip.sys
 C:\WINDOWS\system32\tfsdmz.dll
 C:\WINDOWS\system32\ticisms.dl​l
 C:\WINDOWS\system32\ttEZZEZZ10​46.dll
 C:\WINDOWS\system32\ttKAFKAF10​65.dll
 C:\WINDOWS\system32\ttNNBNNB10​47.dll
 C:\WINDOWS\system32\ttQACQAC10​38.dll
 C:\WINDOWS\system32\ttQACQAC10​38.exe
 C:\WINDOWS\system32\ttVUFVUF10​11.dll
 C:\WINDOWS\system32\upsips.dll
 C:\WINDOWS\system32\url1.exe
 C:\WINDOWS\system32\vmvreg32.d​ll
 C:\WINDOWS\system32\wbem\BGLQW​AFJOSXBFJ.MDA
 C:\WINDOWS\system32\winhelp.ex​e
 C:\WINDOWS\system32\winini.exe
 C:\WINDOWS\system32\winplay.ex​e
 C:\WINDOWS\system32\winshow.dl​l
 C:\WINDOWS\system32\winsys.exe
 C:\WINDOWS\system32\wyhesm.dll
 C:\WINDOWS\system32\xgnfn.cfg
 C:\WINDOWS\system32\xgnfn.dll.​vir
 C:\WINDOWS\system32\yixggm.dll
 C:\WINDOWS\system32\ywcbgfl.dl​l
 C:\WINDOWS\system32\ywg32.dll
 C:\WINDOWS\system32\ywtlgfl.dl​l
 C:\WINDOWS\system32\zgfdet.dll
 C:\WINDOWS\system32\zgxfdx.dll
 C:\WINDOWS\system32\zjydcx.dll
 C:\WINDOWS\system32\zohkcm.dll
 C:\WINDOWS\system32\zpqjsr.dll
 C:\WINDOWS\system32\zqopap.dll
 C:\WINDOWS\system32\zxmsawin.d​ll
 C:\WINDOWS\system32\zyzxeime.d​ll
 C:\WINDOWS\tempaq
 C:\WINDOWS\ticisms.exe
 C:\WINDOWS\uusee.exe
 C:\WINDOWS\WanPacket.dll
 C:\WINDOWS\wpcap.dll

 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 .



 ((((((((((((((((((((((((((((   2008-04-24 - 2008-05-24 之間建立的檔案  )))))))))))))))))))))))))))))))))
 .

 2008-05-25 01:09 . 2008-05-25 01:11 347 --a------ C:\WINDOWS\pwisys.ini
 2008-05-25 01:09 .  53  C:\mylstecj.bat
 2008-05-25 01:09 . 2008-05-25 01:09 51 --a------ C:\zsmstccj.bat
 2008-05-25 00:58 . 2008-05-20 23:38 4,224 --a------ C:\WINDOWS\system32\drivers\be​ep.sys
 2008-05-25 00:58 . 2008-05-20 23:38 4,224 --a--c--- C:\WINDOWS\system32\dllcache\b​eep.sys
 2008-05-24 17:48 . 2008-05-24 17:48 15,872 --a------ C:\Documents and Settings\servciesd.exe
 2008-05-24 17:31 . 2008-05-24 17:48 266 --a------ C:\WINDOWS\system32\mywehit.in​i.tmp
 2008-05-24 17:21 . 2008-05-24 17:20 15,872 --a------ C:\WINDOWS\system32\servciesd.​exe
 2008-05-24 15:58 . 2008-05-25 00:57 50,176 --a------ C:\WINDOWS\system32\HD_DRIVER.​dll
 2008-05-24 15:58 . 2008-05-24 17:16 27,397 --a------ C:\WINDOWS\system32\hd_driver.​exe
 2008-05-24 15:39 . 2008-05-24 15:39 <DIR> d-------- C:\Program Files\Trend Micro
 2008-05-24 15:26 . 2008-05-24 15:26 2,816 --a------ C:\NPOCTBAmAtecj.sys
 2008-05-24 14:30 . 2008-05-24 14:30 <DIR> d-------- C:\Deckard
 2008-05-24 13:47 . 2008-05-24 17:50 13,695 --a------ C:\WINDOWS\system32\myiecfg.in​i.tmp
 2008-05-23 14:39 . 2008-05-23 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
 2008-05-23 13:57 . 2008-05-23 13:57 <DIR> d-------- C:\My Music
 2008-05-23 13:53 . 2008-05-23 13:53 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.O​CX
 2008-05-23 13:53 . 2008-05-25 01:09 106,496 ---h----- C:\WINDOWS\system32\B9BBB.exe
 2008-05-23 13:53 . 2008-05-23 13:53 95,744 --a------ C:\WINDOWS\system32\BCE37.exe
 2008-05-23 13:52 . 2008-05-23 13:52 44,544 --a------ C:\WINDOWS\system32\drivers\lc​pjpi.sys
 2008-05-23 13:17 . 2008-05-23 13:17 <DIR> d-------- C:\Program Files\Avira
 2008-05-23 13:17 . 2008-05-23 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
 2008-05-23 13:14 . 2008-05-24 17:20 108,032 --a------ C:\Documents and Settings\servciesc.exe
 2008-05-23 13:01 . 2006-04-15 02:00 470,528 --a------ C:\WINDOWS\system32\tmpcj1.exe
 2008-05-23 13:01 . 2008-05-25 01:10 224,256 --a------ C:\WINDOWS\system32\mdbbccasys​32_080522.dll
 2008-05-23 13:01 . 2008-05-23 13:01 112,740 --a------ C:\WINDOWS\system\sgcxcxxaspf0​80522.exe
 2008-05-23 13:01 . 2008-05-25 01:09 31,232 --a------ C:\WINDOWS\system32\lwfdfia16_​080522.dll
 2008-05-23 12:57 . 2008-05-23 12:57 89,088 --a------ C:\WINDOWS\newie.exe
 2008-05-23 12:56 . 2008-05-23 12:56 24,576 --a------ C:\WINDOWS\ha_80161.exe
 2008-05-23 12:55 . 2008-05-23 12:56 254,464 --a------ C:\WINDOWS\system32\qgtbnkblwt​.dll
 2008-05-20 23:36 . 2008-05-20 23:36 2,816 --a------ C:\flYIQMNvyqH.sys
 2008-05-09 18:39 . 2008-05-25 01:10 121 --a------ C:\time.bat
 2008-05-09 18:17 . 2008-05-09 18:17 516,096 ---hs---- C:\WINDOWS\system\zhqb320.dll
 2008-05-09 18:17 . 2008-05-09 18:16 263,844 ---hs---- C:\WINDOWS\system\zhqbs080424.​exe
 2008-05-09 18:16 . 2006-04-15 02:00 470,528 --a------ C:\WINDOWS\system32\tmpzhqbdf1​.exe
 2008-05-09 17:28 . 2008-05-09 17:29 56,332,908 --a------ C:\WINDOWS\QQxcv.EXE
 2008-05-09 15:46 . 2008-05-25 00:57 48,640 --a------ C:\WINDOWS\system32\msvcrt25.d​ll
 2008-05-09 15:46 . 2008-05-09 15:45 26,517 --a------ C:\WINDOWS\system32\msvcrty.ex​e
 2008-05-09 15:35 . 2008-05-09 15:35 56,332,396 --a------ C:\WINDOWS\WNETNF.EXE
 2008-05-09 15:25 . 2008-05-09 15:25 268 --ah----- C:\sqmdata07.sqm
 2008-05-09 15:25 . 2008-05-09 15:25 244 --ah----- C:\sqmnoopt07.sqm
 2008-05-08 21:24 . 2008-05-08 21:24 203,776 --a------ C:\WINDOWS\system32\zykjnmwisz​cyys32_080507.dll
 2008-05-08 21:24 . 1982-05-08 20:49 104,436 --a------ C:\WINDOWS\system\zykjnzayjhxp​Res080507.exe
 2008-05-08 21:24 . 2008-05-08 21:24 28,160 --a------ C:\WINDOWS\system32\zykjnlwsy1​6_080507.dll
 2008-05-08 21:24 . 2008-05-08 21:24 362 --a------ C:\WINDOWS\zykjn16.ini
 2008-05-08 20:29 . 2008-05-24 17:21 28,163 --a------ C:\WINDOWS\system32\avp.exe
 2008-05-08 20:15 . 2008-05-23 14:03 404 --a------ C:\WINDOWS\system32\WAFKPTXBGK​PT.LDO
 2008-05-08 20:08 . 2006-04-15 02:00 470,528 --a------ C:\WINDOWS\system32\tmpcj2.exe
 2008-05-08 20:05 . 2008-05-25 01:09 130,560 --a------ C:\WINDOWS\system32\mycgc32.dl​l
 2008-05-08 20:04 . 2008-05-24 16:55 263 --a------ C:\WINDOWS\system32\myiecfg.in​i
 2008-05-08 19:59 . 2008-05-08 19:57 82,068 -r-hs---- C:\WINDOWS\system32\myhhcc0805​01.exe
 2008-05-08 19:59 . 2008-05-08 19:59 28,160 --a------ C:\WINDOWS\system32\mywcc08050​1.dll
 2008-05-08 19:58 . 2008-05-23 13:54 1,307 --a------ C:\WINDOWS\system32\g001F0yg8.​dll
 2008-05-08 19:56 . 2008-05-25 01:11 536,064 ---h----- C:\WINDOWS\system32\mcdcsrv32_​080417.dll
 2008-05-08 19:56 . 2008-05-08 19:56 245,316 ---h----- C:\WINDOWS\system32\raidiap080​417.exe
 2008-05-08 19:56 . 2008-05-08 19:56 22,528 --------- C:\WINDOWS\system32\mxcdcsrv16​_080417.dll
 2008-05-08 19:56 . 2008-05-08 19:59 233 --a------ C:\WINDOWS\ie.ini
 2008-05-08 19:50 . 2008-05-25 01:09 24 --a------ C:\WINDOWS\system32\pzwmaime.s​ys
 2008-05-08 19:50 . 2008-05-25 01:09 24 --a------ C:\WINDOWS\system32\pzwlaime.s​ys
 2008-05-08 19:46 . 2008-05-08 19:46 30,492 --a------ C:\WINDOWS\system32\joiinz.dll
 2008-05-08 19:46 . 2008-05-09 15:35 19,248 --a------ C:\WINDOWS\system32\MMWLVAHB10​17.exe
 2008-05-08 19:46 . 2008-05-09 15:36 18,645 --a------ C:\WINDOWS\system32\MMSADZFB10​45.exe
 2008-05-08 19:46 . 2008-05-09 15:38 15,766 --a------ C:\WINDOWS\system32\azwlaime.e​xe
 2008-05-08 19:46 . 2008-05-08 19:46 256 --a------ C:\WINDOWS\system32\msosfmsq.d​at
 2008-05-08 19:45 . 2008-05-09 15:32 18,119 --a------ C:\WINDOWS\system32\MMFKKLJK10​71.exe
 2008-05-08 19:45 . 2008-05-09 15:34 14,737 --a------ C:\WINDOWS\system32\tpfsajbo.e​xe
 2008-05-08 19:45 . 2008-05-09 15:31 3,072 --ahs---- C:\WINDOWS\system32\drivers\ms​osmsp2p32.sys
 2008-05-08 19:45 . 2008-05-09 15:35 2,688 --a------ C:\WINDOWS\system32\drivers\ha​pdrv.sys
 2008-05-08 19:35 . 2008-05-08 19:35 223,232 --a------ C:\WINDOWS\system32\hyfiyzrvgf​.dll
 2008-05-08 18:01 . 2008-05-08 18:01 268 --ah----- C:\sqmdata06.sqm
 2008-05-08 18:01 . 2008-05-08 18:01 244 --ah----- C:\sqmnoopt06.sqm
 2008-05-07 22:40 . 2008-05-07 22:40 268 --ah----- C:\sqmdata05.sqm
 2008-05-07 22:40 . 2008-05-07 22:40 244 --ah----- C:\sqmnoopt05.sqm
 2008-05-03 23:07 . 2008-05-03 23:07 268 --ah----- C:\sqmdata04.sqm
 2008-05-03 23:07 . 2008-05-03 23:07 244 --ah----- C:\sqmnoopt04.sqm
 2008-05-03 23:06 . 2008-05-08 19:35 67,584 ---hs---- C:\Documents and Settings\servciesa.exe
 2008-05-03 22:52 . 2008-05-03 22:52 268 --ah----- C:\sqmdata03.sqm
 2008-05-03 22:52 . 2008-05-03 22:52 244 --ah----- C:\sqmnoopt03.sqm
 2008-04-30 18:17 . 2008-05-08 18:59 105,984 --a------ C:\Documents and Settings\servciese.exe
 2008-04-30 18:17 . 2008-05-25 00:57 52,224 --a------ C:\WINDOWS\system32\ntnids32.d​ll
 2008-04-30 18:17 . 2008-04-30 21:57 27,648 --a------ C:\WINDOWS\system32\ntnids32.e​xe
 2008-04-30 18:17 . 2008-04-30 22:01 10,752 --a------ C:\WINDOWS\system32\Server1.ex​e
 2008-04-30 18:15 . 2008-05-24 17:47 147,193 --a------ C:\Documents and Settings\servciesb.exe
 2008-04-30 18:15 . 2008-04-30 18:15 16,384 --a------ C:\WINDOWS\system32\servciesa.​exe
 2008-04-30 17:57 . 2008-04-30 17:57 62,534,396 --a------ C:\WINDOWS\KVNETSH.EXE
 2008-04-30 17:56 . 2008-05-09 17:28 11 --a------ C:\WINDOWS\win32.btl
 2008-04-30 17:54 . 2008-04-30 17:54 24,576 --a------ C:\WINDOWS\ha_80033.exe
 2008-04-30 17:53 . 2008-04-30 17:53 222,720 --a------ C:\WINDOWS\system32\obwjzylpyj​.dll
 2008-04-30 17:50 . 2008-04-30 17:52 182,272 --a------ C:\WINDOWS\system32\ccwld32_08​0430.dll
 2008-04-30 17:50 . 2008-04-30 17:50 92,644 --a------ C:\WINDOWS\system32\ccwlae0804​30.exe
 2008-04-30 17:50 . 2008-04-30 17:50 23,040 --a------ C:\WINDOWS\system32\ccwld16_08​0430.dll
 2008-04-30 17:07 . 2008-04-30 17:07 268 --ah----- C:\sqmdata02.sqm
 2008-04-30 17:07 . 2008-04-30 17:07 244 --ah----- C:\sqmnoopt02.sqm
 2008-04-29 22:00 . 2008-04-29 22:00 268 --ah----- C:\sqmdata01.sqm
 2008-04-29 22:00 . 2008-04-29 22:00 244 --ah----- C:\sqmnoopt01.sqm
 2008-04-29 21:53 . 2008-04-29 21:53 268 --ah----- C:\sqmdata00.sqm
 2008-04-29 21:53 . 2008-04-29 21:53 244 --ah----- C:\sqmnoopt00.sqm
 2008-04-28 13:42 . 2008-05-24 17:47 164 --a------ C:\WINDOWS\system32\mywehit.in​i
 2008-04-28 13:26 . 2008-05-25 01:09 <DIR> d-------- C:\WINDOWS\system32\inf
 2008-04-28 13:26 . 2008-04-28 13:26 203,776 --a------ C:\WINDOWS\system32\mwiszcyys3​2_080427.dll
 2008-04-28 13:26 . 2008-04-28 13:25 104,128 --a------ C:\WINDOWS\system\zayjhxpRes08​0427.exe
 2008-04-28 13:26 . 2008-04-28 13:26 28,160 --a------ C:\WINDOWS\system32\lwizysy16_​080427.dll
 2008-04-28 13:26 . 2008-04-28 13:26 366 --a------ C:\WINDOWS\zuoyu16.ini
 2008-04-28 13:25 . 2008-04-28 13:26 110,972 --a------ C:\WINDOWS\system32\url5.exe
 2008-04-28 13:25 . 2008-04-28 13:25 104,128 --a------ C:\WINDOWS\system32\url3.exe
 2008-04-28 13:25 . 2008-04-28 13:25 24,576 --a------ C:\WINDOWS\system32\url4.exe
 2008-04-28 13:22 . 2008-04-28 13:22 38,400 --a------ C:\WINDOWS\system32\temp_112.e​xe
 2008-04-28 13:22 . 2008-04-28 13:22 24,576 --a------ C:\WINDOWS\system32\url2.exe
 2008-04-28 12:54 . 2008-04-28 12:54 24,064 --a------ C:\WINDOWS\system32\edling
 2008-04-28 12:48 . 2008-05-25 01:09 291 --a------ C:\WINDOWS\cc16.ini
 2008-04-28 12:47 . 2008-05-25 00:59 92 --a------ C:\WINDOWS\system32\systemInfo​mations.ini
 2008-04-28 12:11 . 2008-04-28 12:11 38,400 --a------ C:\WINDOWS\system32\temp_47.ex​e
 2008-04-28 12:11 . 2008-04-28 12:11 38,400 --a------ C:\WINDOWS\system32\temp_15.ex​e
 2008-04-28 11:56 . 2008-04-28 11:56 222,720 --a------ C:\WINDOWS\system32\hukkcbvgqq​.dll
 2008-04-28 11:56 . 2008-04-28 11:56 40,040 --a------ C:\WINDOWS\page3.exe
 2008-04-26 23:49 . 2008-04-26 23:48 263,944 ---hs---- C:\WINDOWS\system\zhqbs080427.​exe
 2008-04-26 23:48 . 2008-04-28 13:48 970 --a------ C:\WINDOWS\system32\AutoMsi.sy​s
 2008-04-26 19:52 . 2008-04-26 19:52 2,429 --a------ C:\WINDOWS\system32\frntrn.dll
 2008-04-26 19:52 . 2008-04-26 19:52 280 ---hs---- C:\WINDOWS\system32\ydgn.cfg
 2008-04-26 19:52 . 2008-04-26 19:52 144 ---hs---- C:\WINDOWS\system32\kduy.cfg
 2008-04-26 16:19 . 2008-04-26 16:19 144 ---hs---- C:\WINDOWS\system32\ywcbgfl.cf​g
 2008-04-26 16:18 . 2008-04-26 16:18 280 ---hs---- C:\WINDOWS\system32\jwlah.cfg
 2008-04-26 16:16 . 2008-04-26 18:52 552 ---hs---- C:\WINDOWS\system32\fjnbv.cfg
 2008-04-26 16:15 . 2008-04-26 16:53 229,376 --ah----- C:\WINDOWS\system32\hhrdxd.dll
 2008-04-26 16:14 . 2008-04-26 16:14 8,704 --a------ C:\WINDOWS\system32\espter.sys

 .
 ((((((((((((((((((((((((((((((​((((((   ½üÈý‚€Ôƒȸü„ӵęn°¸   ))))))))))))))))))))))))))))))​)))))))))))))))))
 .
 2008-05-24 22:59 1,378 ----a-w C:\Program Files\key.txt
 2008-05-23 12:11 84,992 ----a-w C:\Program Files\win.ini
 2008-05-09 20:35 --------- d-----w C:\Program Files\Tencent
 2008-04-28 09:57 --------- d-----w C:\Program Files\StormII
 2008-04-25 12:17 --------- d-----w C:\Documents and Settings\user\Application Data\Tencent
 2008-04-24 15:56 344,064 ----a-w C:\WINDOWS\system32\Codec Analyzer.zip
 2008-04-24 15:09 --------- d-----w C:\Documents and Settings\user\Application Data\QQDoctor
 2008-04-23 18:41 26,812 --sh--r C:\WINDOWS\system32\zsmscheck0​80423.exe
 2008-04-23 18:41 26,112 --sh--r C:\WINDOWS\system32\zsmscheck0​80423.dll
 2008-04-23 18:38 24,576 ----a-w C:\WINDOWS\ha_80034.exe
 2008-04-23 18:36 81,920 ----a-w C:\WINDOWS\system32\skype.exe
 2008-04-22 10:50 --------- d-----w C:\Documents and Settings\user\Application Data\BITS
 2008-04-18 21:58 --------- d-----w C:\Documents and Settings\user\Application Data\Sierra
 2008-04-18 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
 2008-04-06 13:17 11,776 ----a-w C:\WINDOWS\system32\TesSafe.sy​s
 2008-04-01 20:26 --------- d-----w C:\Program Files\SogouInput
 2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.d​ll
 2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\msjint40.d​ll
 2008-03-20 08:03 1,844,864 ----a-w C:\WINDOWS\system32\win32k.sys
 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.D​LL
 2004-08-08 13:34 16,318 --sh--w C:\WINDOWS\system32\azwmaime.e​xe
 2004-08-08 13:34 1,040 --sh--w C:\WINDOWS\system32\fxwmbime.s​ys
 2002-10-07 04:04 25,600 --sh--w C:\WINDOWS\system32\NpzwwmWlDS​Psy.dll
 2006-04-15 00:00 36,864 --sh--w C:\WINDOWS\system32\ntserver.e​xe
 2004-08-08 17:45 537,096 --sh--w C:\WINDOWS\system32\zywmdime.d​ll
 .

 ------- Sigcheck -------

 2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4​b4 C:\WINDOWS\$hf_mig$\KB917953\S​P2QFE\tcpip.sys
 2007-10-30 18:53  360832  64798ecfa43d78c7178375fcdd16d8​c8 C:\WINDOWS\$hf_mig$\KB941644\S​P2QFE\tcpip.sys
 2006-01-13 04:28  359808  537f2982b94ee78f3d12415aae6c10​b8 C:\WINDOWS\$NtUninstallKB91795​3$\tcpip.sys
 2006-04-20 13:51  359808  b4e29943b4b04bd5e7381546848e66​69 C:\WINDOWS\$NtUninstallKB94164​4$\tcpip.sys
 2008-02-10 16:15  360064  01307b76a916a8f6d1f1452744ba7a​d6 C:\WINDOWS\system32\backup\tcp​ip.sys
 2007-10-30 19:20  360064  90caff4b094573449a0872a0f919b1​78 C:\WINDOWS\system32\dllcache\t​cpip.sys
 2007-10-30 19:20  360064  34a663e7f74ae8b2c992c251334347​7e C:\WINDOWS\system32\drivers\tc​pip.sys
 .
 -- Snapshot reset to current date --
 .
 ((((((((((((((((((((((((((((((​((((((((((((   ÖØÒªµÇä›™n   ))))))))))))))))))))))))))))))​)))))))))))))))))))))))
 .
 .
 REGEDIT4
 *注意* 空白 或合法的登錄值將不會顯示.

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-12C9-4305-82F9-43058F20E8D2}]
 2008-03-13 06:50 255296 --a------ C:\Program Files\Tencent\QQDownload\QQIEH​elper02.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10FDCE1E-C36A-474E-808E-248C51693DB7}]
 1982-04-30 18:17 32768 --a------ C:\WINDOWS\system32\Nessery.dl​l

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{170165F1-9F65-569F-F895-F14F58F41071}]
 2004-08-08 19:45 533764 --------- C:\WINDOWS\system32\lofsajbo.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17A924AF-1A5F-CF21-AB1D-1D5CF82A8A71}]
 2004-08-08 19:46 536324 --------- C:\WINDOWS\system32\zywlaime.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{192C0424-8358-4EB4-B62D-F91821BC0745}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AB1F65A-964F-4AE7-B254-05146A0E602E}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{328DF602-9541-A985-210A-984A698C6F23}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37FD640A-158F-48AC-FD14-1597F14A9773}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4319A1F1-9410-9654-3201-345FFA349134}]
 2004-08-08 19:45 537096 ---hs---- C:\WINDOWS\system32\zywmdime.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A041F13-A111-12A3-B0CF-F99818AA68A4}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A59145F-315D-BC23-AC1F-145DF81A34A5}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669751ED-D558-49AE-B01A-3B374CC7910E}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F76F60B-FF04-4E59-8C6B-B9B53B6EA368}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB3412B6-6D67-4650-B3B4-C2A90191A80F}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCEAF8AB-7DC0-4E09-8E8D-163C1024E04B}]
    C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\ctfmon.exe" [2006-04-15 02:00 15360]
 "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
 "svchost"="C:\WINDOWS\system32​\explorer.exe" [ ]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "KavStart"="C:\KAV2006\KAVStar​t.exe" [ ]
 "CnsM.dll"="C:\PROGRA~1\3721\C​nsM.dll" [ ]
 "helper.dll"="C:\PROGRA~1\3721​\helper.dll" [ ]
 "CnsMin"="C:\WINDOWS\DOWNLO~1\​CnsMin.dll" [ ]
 "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched​.exe" [2007-07-20 20:37 185896]
 "TuoTu"="C:\Program Files\Tuotu\Tuotu.exe" [ ]
 "stup.exe"="C:\PROGRA~1\TENCEN​T\SSPlus\SPlus.dll" [2007-06-13 09:59 159744]
 "TBMExe"="C:\WINDOWS\Fonts\73f​d1ecc0e85c55597ca6a0ae0dbd951\​system\svchost.exe" [ ]
 "fmsjhif"="C:\WINDOWS\fmsjhif.​exe" [ ]
 "fmsbbqi"="C:\WINDOWS\fmsbbqi.​exe" [ ]
 "dionpis"="C:\WINDOWS\dionpis.​exe" [ ]
 "bincdwsa"="C:\WINDOWS\bincdws​a.exe" [ ]
 "xpngipwm"="C:\WINDOWS\pgpmxxv​d.exe" [2008-05-09 15:34 20645]
 "huifitc"="C:\WINDOWS\huifitc.​exe" [ ]
 "mfchlp64"="C:\WINDOWS\mfchlp6​4.exe" [ ]
 "fiosectc"="C:\WINDOWS\fiosect​c.exe" [ ]
 "ticisms"="C:\WINDOWS\ticisms.​exe" [ ]
 "tciocp32"="C:\WINDOWS\tciocp3​2.exe" [ ]
 "LoveHebe"="C:\WINDOWS\system3​2\vistaA.exe" [2008-04-26 13:51 22016]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\RunOnce]
 "52pgnw8k"="C:\WINDOWS\system3​2\ %systemroot%\system32\52pgnw8k​.dll" [ ]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\CTFMON.EXE" [2006-04-15 02:00 15360]

 C:\WINDOWS\system32\config\systemprofile\「开始」菜单\程序\启动\
 dflljy.exe [2008-04-28 13:31:14 63112]

 C:\WINDOWS\system32\config\systemprofile\「开始」菜单\程序\启动\
 dflljy.exe [2008-04-28 13:31:14 63112]

 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\
 explorer.exe [2008-05-24 13:53:18 471040]
 office.lnk - C:\WINDOWS\system\sgcxcxxaspf0​80522.exe [2008-05-23 13:01:52 112740]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\policies\explorer\run]
 "myccgj"= rundll32.exe C:\WINDOWS\system32\mycc080302​.dll mymain
 "zhqb_df"= rundll32.exe C:\WINDOWS\system\zhqbdf080427​.dll zhqb16
 "ccwl"= rundll32.exe C:\WINDOWS\system32\ccwld16_08​0426.dll ccwl16
 "cchh"= rundll32.exe C:\WINDOWS\system32\mywcc08050​1.dll bgdll
 "zsmstc"= rundll32.exe C:\WINDOWS\system32\mxcdcsrv16​_080417.dll start

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​policies\explorer\run]
 "zsms_check"= rundll32.exe C:\WINDOWS\system32\zsmscheck0​80423.dll ccwljk16

 [hkey_local_machine\software\mi​crosoft\windows\currentversion​\explorer\shellexecutehooks]
 "{FCEAF8AB-7DC0-4E09-8E8D-163C​1024E04B}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys [ ]
 "{e6b5dc4a-6b2f-42ec-8393-3ae0​c5f3770f}"= C:\WINDOWS\system32\ttKAFKAF10​65.dll [ ]
 "{6a4c8648-b38c-4f16-84ac-90df​19880383}"= C:\WINDOWS\system32\dqSUCSUC10​42.dll [ ]
 "{CAED0F3B-DF8B-4DBF-BB20-8DFB​C3199068}"= C:\WINDOWS\system32\jhrcar.dll [ ]
 "{6E6CA8A1-81BC-4707-A54C-F490​3DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]
 "{45AADFAA-DD36-42AB-83AD-0521​BBF58C24}"= C:\WINDOWS\system32\zjydcx.dll [ ]
 "{B29583D8-033A-4B9F-8553-7C54​58F3FB8E}"= C:\WINDOWS\system32\jdsaex.dll [ ]
 "{170165F1-9F65-569F-F895-F14F​58F41071}"= C:\WINDOWS\system32\lofsajbo.d​ll [2004-08-08 19:45 533764]
 "{4319A1F1-9410-9654-3201-345F​FA349134}"= C:\WINDOWS\system32\zywmdime.d​ll [2004-08-08 19:45 537096]
 "{17A924AF-1A5F-CF21-AB1D-1D5C​F82A8A71}"= C:\WINDOWS\system32\zywlaime.d​ll [2004-08-08 19:46 536324]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "vidc.xivd"= C:\Program Files\StormII\codec\xvidvfw.dl​l

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\360rpt.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\360Safe.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\360tray.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\adam.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\auto.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AutoRun.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\autoruns.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\avp.com]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\avp.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\CCenter.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\cross.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\enc98.EXE]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\FileDsty.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\guangd.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\HijackThis.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\IceSword.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\iparmo.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\Iparmor.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\kabaload.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KASMain.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KASTask.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAV32.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVDX.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVStart.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KMailMon.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KMFilter.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KPFW32.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KPFWSvc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KRegEx.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KRepair.COM]
yangxiao
Occasional visitor (50 to 99 messages posted)
Posted on 25/05/2008 at 01:06:43
 
And here is a new HijackThis report:


merillym
Regular (5,000 to 9,999 messages posted)
Posted on 25/05/2008 at 09:38:15
 
:hello: Hello,

 Well, things are already better, but there is still a lot of cleaning up to do :)

 At the root of the hard drive there should be a folder C:\Qoobox\ created by ComboFix. Can you tell me how big it is? How many KB or MB?

 Thanks :jap:

 Then we'll move on to the next step :super:

yangxiao
Occasional visitor (50 to 99 messages posted)
Posted on 25/05/2008 at 10:51:19
 
Hello,

 So, the Qoobox folder is 20.4 MB.

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 25/05/2008 at 11:00:05
 
:hello: Hello,

 This procedure should be printed so that you have it in front of you when you are in Safe Mode.

 Download SDFix (created by AndyManchesta) and save it to your Desktop.
 ***If the link does not work, try this one: http://download.bleepingcomput [...] /SDFix.exe ***

 N.B.: If you get an alert from your antivirus during the download and/or installation, ignore it. Some SDFix components may be detected as a virus by some antivirus products.

 
  • Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading, a menu with different options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.
Work through the list of instructions below:
 
  • Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will continue to run and delete files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

 Note: The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.
 Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool doesn't seem to see everything.

 Help: How to use SDFix.

 ;)

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 25/05/2008 at 11:15:30
 
Hello again,

 Let's keep pruning ;)

 Download Malwarebytes' Anti-Malware to your Desktop.
 Install it by double-clicking the file Download_mbam-setup.exe.

 Once the installation and update are done, run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
 
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
 -- if the program found nothing, press OK. A report will appear; close it.
 -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
 NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

 HELP: Illustrated tutorial on MBAM

 ;)

yangxiao
Occasional visitor (50 to 99 messages posted)
Posted on 26/05/2008 at 11:34:44
 
Hello again!!!

 I'm sorry I couldn't give you an answer during the day yesterday. This damn PC I'm writing to you from right now {qwerty} finally has Internet access at my place!!! For some unknown reason the network card apparently works at my little brother's with his Freebox, but not at my place... I tried everything during the night in vain; this morning I went to get a new network card and FINALLY IT WORKS  :jap:

 
 All that because I wanted to install your software and update it directly on that machine. Once everything was done, I started the scan and bam, an error at the start of the scan: Run-time error '6': overflow. Argh, all that just to end up here  :grrr:

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 26/05/2008 at 11:39:44
 
Hello again,

 
  • Run a Kaspersky online scan with Internet Explorer:
  • Now click I accept.
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer.
  • Save and then paste the report generated at the end of the scan.

 HELP: Tutorial on the online scan

 NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add or Remove Programs, uninstall On-Line Scanner, then go back to the Kaspersky site to retry the online scan.

 ;)

yangxiao
Occasional visitor (50 to 99 messages posted)
Posted on 27/05/2008 at 19:34:25
 
Good evening!!!

 Well, this PC is really giving me a hard time :sweat: . I thought that with the Internet access problem solved I would finally be able to follow your instructions and run through the steps quickly, but NO, I'm not done being surprised by this PC...

 - When I tried to get back on the forum with the PC in question to run the Kaspersky online scan, the PC suddenly partially "crashed": some programs stopped responding and so did the connection... so I decided to restart the PC.

 - And that's when disaster struck... the PC won't start any more :heink: !!! After the BIOS loads and the normal "beep", I get a black screen before the WinXP logo appears.

 - Great... I thought it was probably a virus or trojan that had damaged one or more of the files needed to boot the system, so at first I tried to repair it from the Recovery Console with the fixboot and fixmbr commands.

 - But in fact no, that was a mistake; apparently the problem wasn't there, although I'm not sure, but in any case it made things worse because the fixmbr command outright "deleted" my bootable partition  :/

 - As a result the partition could no longer be accessed, so I tried using TestDisk from a bootable CD to restore the lost partition, and I succeeded, and repaired the boot sector, but when I restarted, the hard drive didn't seem to load WinXP, so I ran the fixboot command again and everything went back to how it was before (that is, booting to the black screen... :grrr: )

 - The simplest and most radical solution would be to format this partition and reinstall Windows XP, but that's precisely too easy and I don't want to do that! I wanted to keep this version of WinXP Pro (Chinese). I did consider, as a last resort, doing a Windows repair, but I don't have the WinXP Pro installation CD, I only have the XP Home one, so no, impossible...

 - I thought about it overnight, so this morning I decided to use another technique: put the infected hard drive as a slave on another, clean PC that I brought back up from the cellar. I ran a scan with AntiVir, already installed on the clean PC, and there I detected about 1500 infections on the infected hard drive :heink: (I think that's normal because of the restore folders...). So I quarantined them, then put the infected hard drive back as master to test...

 - And surprise: at startup I no longer had a black screen with nothing at all, but an error message telling me that the file "ntoskrnl.exe" is missing, so I used the Recovery Console to copy that file back from the WinXP Home installation CD.

 - I then restarted the system, praying, and FINALLY it works!! BUT no... I'm immediately stuck at the WinXP Pro session, which won't log in... as soon as I log in it closes straight away, OK.... I remembered that when you try to delete certain spyware, the registry can be left with after-effects and you get this type of problem, and it has to do with the file "userinit.exe", so I put the hard drive back as slave and checked whether this file exists. I found it on the clean hard drive but not on the infected one!!! In my opinion it had been infected too and my antivirus removed it, so I copied the file from the clean HDD to the infected HDD.

 - Then I restarted with the infected HDD as master... and IT WORKS, I can log in to the WinXP session!!! At last!!  :jap:

 Right, and now I'm trying to run an online scan with Kaspersky, but there's yet another problem... when I get to the page where ActiveX and updates have to be installed, well, it gets stuck there.... so I can't run an online scan... and sorry for this setback.

merillym
Regular (5,000 to 9,999 messages posted)
  1. Posted on 27/05/2008 at 19:51:58  
 
:hello: Good evening,

 Well, congratulations  :super: Good work, all of that ;)

 Which goes to show that, remotely, sometimes one can't always be useful ( I would have had a hard time doing that remotely :D ).

 That said, given the degree of the infection, formatting seems advisable to me, in particular to be certain of leaving neither keyloggers nor rootkits ( you can't always see them).

 If you intend to format, tell me.

 Otherwise, we'll start again with a new combofix scan.

 Finally, if you can post the antivir report for me, I'd appreciate it ;)

 ;)

yangxiao
Occasionally present (50 to 99 messages posted)
  1. Posted on 27/05/2008 at 20:31:03  
 
Re,

 Indeed, I know full well that formatting is the best way to be sure of cleaning everything, however since it's not my PC, I prefer to leave it as it is, I'm just trying to clean it as thoroughly as possible, if traces still remain, too bad ^^
 (besides, the PC now loads much faster, but there are still a lot of errors from Rundll at startup, normal I think)

 And here is the antivir report from when the hard disk was in slave mode:
 (very long report......)

 Avira AntiVir Personal
 Report file date: mardi 27 mai 2008  15:19

 Scanning for 1293923 virus strains and unwanted programs.

 Licensed to:      Avira AntiVir PersonalEdition Classic
 Serial number:    0000149996-ADJIE-0001
 Platform:         Windows XP
 Windows version:  (Service Pack 2)  [5.1.2600]
 Boot mode:        Normally booted
 Username:         SYSTEM
 Computer name:    ISIS-0416926806

 Version information:
 BUILD.DAT     : 8.1.00.295      16479 Bytes  09/04/2008 16:24:00
 AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:56
 AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:37
 LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:23
 LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:40
 ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
 ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  07/03/2008 13:08:58
 ANTIVIR2.VDF  : 7.0.4.53      1848832 Bytes  17/05/2008 12:34:44
 ANTIVIR3.VDF  : 7.0.4.100      258048 Bytes  27/05/2008 12:34:45
 Engineversion : 8.1.0.46
 AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:21
 AESCRIPT.DLL  : 8.1.0.33       266618 Bytes  27/05/2008 12:34:50
 AESCN.DLL     : 8.1.0.18       119156 Bytes  27/05/2008 12:34:50
 AERDL.DLL     : 8.1.0.20       418165 Bytes  27/05/2008 12:34:49
 AEPACK.DLL    : 8.1.1.5        364918 Bytes  27/05/2008 12:34:49
 AEOFFICE.DLL  : 8.1.0.18       192890 Bytes  27/05/2008 12:34:48
 AEHEUR.DLL    : 8.1.0.29      1253750 Bytes  27/05/2008 12:34:48
 AEHELP.DLL    : 8.1.0.14       115063 Bytes  27/05/2008 12:34:47
 AEGEN.DLL     : 8.1.0.21       303477 Bytes  27/05/2008 12:34:46
 AEEMU.DLL     : 8.1.0.6        430451 Bytes  27/05/2008 12:34:46
 AECORE.DLL    : 8.1.0.29       168311 Bytes  27/05/2008 12:34:45
 AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:53
 AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:50
 AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:47
 AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:49
 AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:23
 AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:31
 SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:02
 SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:39
 NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:10
 RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:25
 RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:11

 Configuration settings for the scan:
 Jobname..........................: Complete system scan
 Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
 Logging..........................: low
 Primary action...................: interactive
 Secondary action.................: ignore
 Scan master boot sector..........: on
 Scan boot sector.................: on
 Boot sectors.....................: C:, D:, E:, F:, G:,
 Scan memory......................: on
 Process scan.....................: on
 Scan registry....................: on
 Search for rootkits..............: off
 Scan all files...................: Intelligent file selection
 Scan archives....................: on
 Recursion depth..................: 20
 Smart extensions.................: on
 Macro heuristic..................: on
 File heuristic...................: medium

 Start of the scan: mardi 27 mai 2008  15:19

 The scan of running processes will be started
 Scan process 'avscan.exe' - '1' Module(s) have been scanned
 Scan process 'avcenter.exe' - '1' Module(s) have been scanned
 Scan process 'avgnt.exe' - '1' Module(s) have been scanned
 Scan process 'avguard.exe' - '1' Module(s) have been scanned
 Scan process 'sched.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'alg.exe' - '1' Module(s) have been scanned
 Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
 Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
 Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
 Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
 Scan process 'dslmon.exe' - '1' Module(s) have been scanned
 Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
 Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
 Scan process 'rundll32.exe' - '1' Module(s) have been scanned
 Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
 Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
 Scan process 'explorer.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'lsass.exe' - '1' Module(s) have been scanned
 Scan process 'services.exe' - '1' Module(s) have been scanned
 Scan process 'winlogon.exe' - '1' Module(s) have been scanned
 Scan process 'csrss.exe' - '1' Module(s) have been scanned
 Scan process 'smss.exe' - '1' Module(s) have been scanned
 28 processes with 28 modules were scanned

 Starting master boot sector scan:
 Master boot sector HD0

[INFO]      No virus was found!
 Master boot sector HD1

[INFO]      No virus was found!

 Start scanning boot sectors:
 Boot sector 'C:\'

[INFO]      No virus was found!
 Boot sector 'D:\'

[INFO]      No virus was found!
 Boot sector 'E:\'

[INFO]      No virus was found!
 Boot sector 'F:\'

[INFO]      No virus was found!
 Boot sector 'G:\'

[INFO]      No virus was found!

 Starting to scan the registry.
 The registry was scanned ( '31' files ).


 Starting the file scan:

 Begin scan in 'C:\'
 C:\hiberfil.sys

[WARNING]   The file could not be opened!
 C:\pagefile.sys

[WARNING]   The file could not be opened!
 C:\Documents and Settings\NGUYEN\.jpi_cache\jar\1.0\java.jar-debb6b6-76d95f54.zip
 [0] Archive type: ZIP
 --> GetAccess.class

[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ
 --> Installer.class

[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AK
 --> NewSecurityClassLoader.class

[DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.2
 --> NewURLClassLoader.class

[DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.3

[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ

[NOTE]      The file was moved to '48b20afe.qua'!
 C:\Documents and Settings\NGUYEN\.jpi_cache\jar\1.0\loaderadv537.jar-51252aad-644daf0e.zip
 [0] Archive type: ZIP
 --> Matrix.class

[DETECTION] Contains detection pattern of the Java virus JAVA/Beyond.D3
 --> Counter.class

[DETECTION] Contains detection pattern of the Java script virus JS/OpenConnect.J.1
 --> Dummy.class

[DETECTION] Is the Trojan horse TR/Forten.Java.2
 --> Parser.class

[DETECTION] Contains detection pattern of the Java script virus JS/OpenConnect.J.3

[DETECTION] Contains detection pattern of the Java virus JAVA/Beyond.D3

[NOTE]      The file was moved to '489d0b0d.qua'!
 C:\Documents and Settings\NGUYEN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.72762

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '487d0af5.qua'!
 Begin scan in 'D:\'
 D:\Program Files\Foster\TS_Mako\TS_MAKO.EXE

[DETECTION] Contains detection pattern of the Windows virus W95/CIH

[NOTE]      The file was moved to '489b0d4e.qua'!
 D:\System Volume Information\_restore{026C115B-942D-4802-8FCA-040D5BA73500}\RP336\A0281795.EXE

[DETECTION] Contains detection pattern of the Windows virus W95/CIH

[NOTE]      The file was moved to '486e0dc5.qua'!
 Begin scan in 'E:\'
 E:\zzz.sys

[DETECTION] Is the Trojan horse TR/Dldr.Delf.fsd

[NOTE]      The file was moved to '48b60e11.qua'!
 E:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\mscss.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f0e0b.qua'!
 E:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\sviec.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '48a50e0e.qua'!
 E:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\~tsqafnr.tmp\swreg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0e10.qua'!
 E:\Documents and Settings\1.exe
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the worm WORM/Otwycal.I

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48a10dc8.qua'!
 E:\Documents and Settings\servciesa.exe

[DETECTION] Is the Trojan horse TR/Agent.67584.6

[NOTE]      The file was moved to '48ae0dff.qua'!
 E:\Documents and Settings\servciesb.exe
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.gvq Backdoor server programs

--> Object

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.ZJF Backdoor server programs

[NOTE]      The file was moved to '49d43840.qua'!
 E:\Documents and Settings\servciesc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0e00.qua'!
 E:\Documents and Settings\servciesd.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.AAEA.1 Backdoor server programs

[NOTE]      The file was moved to '49d43841.qua'!
 E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE]      The fund was classified as suspicious.

[NOTE]      The file was moved to '48ab0e0e.qua'!
 E:\Documents and Settings\All Users\Application Data\Storm\stormupdate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0e14.qua'!
 E:\Documents and Settings\All Users\「开始」菜单\程序\启动\explorer.exe

[DETECTION] Is the Trojan horse TR/Click.Agent.aib

[NOTE]      The file was moved to '48ac0e22.qua'!
 E:\Documents and Settings\user\Application Data\PPLive\Update\Update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00e22.qua'!
 E:\Documents and Settings\user\Application Data\QQ\3C76DD72E3D82D62087088FD697032FF\QQTemp\QQChatRoom.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '487f0e04.qua'!
 E:\Documents and Settings\user\Application Data\QQ\3C76DD72E3D82D62087088FD697032FF\QQTemp\QQGameHall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48830e04.qua'!
 E:\Documents and Settings\user\Application Data\QQ\3C76DD72E3D82D62087088FD697032FF\QQTemp\QQMusic.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48890e04.qua'!
 E:\Documents and Settings\user\Application Data\QQ\59B848686BA6270269CE15953350482D\qqdoctor\selfupdate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a80e1a.qua'!
 E:\Documents and Settings\user\Application Data\QQDoctor\_temp\SelfUpdate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a80e1b.qua'!
 E:\Documents and Settings\user\Application Data\QQMusicUpdate\5F359D5B2CCE3DAA82862C21ECE0313C\QQMusic\7_12_0\QQMusic_Update_0712.zip.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48890e07.qua'!
 E:\Documents and Settings\user\Application Data\QQUpdate\4E959F948F7AB2B0A3525DFE1FEAB871\Qzone\191030_20_0\QzoneSetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0e31.qua'!
 E:\Documents and Settings\user\Application Data\Tencent\QQDownload\115248456\829642b68e9712e061c9709391c53a8c.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48750ded.qua'!
 E:\Documents and Settings\user\Application Data\Tencent\QQLive\F9403723CAB909B8EECE0A0077536429\CacheDownload\QQLive5.01.3345.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48880e17.qua'!
 E:\Documents and Settings\user\Application Data\Tencent\QQLive\F9403723CAB909B8EECE0A0077536429\CacheFile\QQLive5.01.3345.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48880e1c.qua'!
 E:\Documents and Settings\user\Hero108 Online\Game.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a90e3f.qua'!
 E:\Documents and Settings\user\Hero108 Online\Main.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50e3f.qua'!
 E:\Documents and Settings\user\Hero108 Online\UserPic.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10e52.qua'!
 E:\Documents and Settings\user\Hero108 Online\update\gengxin.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0e49.qua'!
 E:\Documents and Settings\user\Hero108 Online\update\UpdateGame.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00e54.qua'!
 E:\Documents and Settings\user\Hero108 Online\update\xinself.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0e4e.qua'!
 E:\Documents and Settings\user\Local Settings\Temp\DRDld\mbam-setup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e4b.qua'!
 E:\Documents and Settings\user\Local Settings\Temp\IXP000.TMP\1.exe

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a10e17.qua'!
 E:\Documents and Settings\user\Local Settings\Temp\IXP000.TMP\2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10e18.qua'!
 E:\Documents and Settings\user\Local Settings\Temp\IXP001.TMP\1.exe

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '49df5ad9.qua'!
 E:\Documents and Settings\user\Local Settings\Temp\IXP001.TMP\2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10e1a.qua'!
 E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6MTCA2CG\niao[1].exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e54.qua'!
 E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\1[1].exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0e46.qua'!
 E:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\motao[1].exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00e5b.qua'!
 E:\Documents and Settings\user\My Documents\BitComet\BitComet.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00e55.qua'!
 E:\Documents and Settings\user\My Documents\BitComet\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50e5b.qua'!
 E:\Documents and Settings\user\My Documents\BitComet\XCrashReport.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0e30.qua'!
 E:\Documents and Settings\user\My Documents\BitComet\codec\CodecCheck.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00e5c.qua'!
 E:\Documents and Settings\user\My Documents\QQ\QQ2007Beta4.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0e41.qua'!
 E:\Documents and Settings\user\My Documents\QQ\QQ2008Beta1.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0e43.qua'!
 E:\Documents and Settings\user\桌面\avg_free_stf_all_8_100a1295.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a30e7a.qua'!
 E:\Documents and Settings\user\桌面\ComboFix.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a90e7c.qua'!
 E:\Documents and Settings\user\桌面\dss.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af0e80.qua'!
 E:\Documents and Settings\user\桌面\HJTInstall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48900e58.qua'!
 E:\Documents and Settings\user\桌面\mplayerc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a80e7e.qua'!
 E:\Documents and Settings\user\&#26700;&#38754;​\Pk&#29256;&#28779;&#24433;&#2​4525;&#32773;&#30340;&#28216;&​#25103;&#65292;&#32477;&#23545​;&#20540;&#24471;&#29645;&#342​55;&#12290;\NewsBarSetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b30e75.qua'!
 E:\Documents and Settings\user\&#26700;&#38754;​\Pk&#29256;&#28779;&#24433;&#2​4525;&#32773;&#30340;&#28216;&​#25103;&#65292;&#32477;&#23545​;&#20540;&#24471;&#29645;&#342​55;&#12290;\SCWU\SCWU.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930e56.qua'!
 E:\Documents and Settings\user\桌面\Sagem800\Sagem800\autorun.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00e89.qua'!
 E:\Documents and Settings\user\桌面\Sagem800\Sagem800\setup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00e7a.qua'!
 E:\Downloads\qqr2_v1.3.0-v1.3.3_dl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0e87.qua'!
 E:\Downloads\TuoTu_3.0.103.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0e8b.qua'!
 E:\Program Files\win.ini

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48aa0e7f.qua'!
 E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0e7b.qua'!
 E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49d3435c.qua'!
 E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e7f.qua'!
 E:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0e84.qua'!
 E:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\FRA\instmsiw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af0e94.qua'!
 E:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\FRA\setup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00e8c.qua'!
 E:\Program Files\C-Media 3D Audio\Driver\Win_XP\CMIRMDRV.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48850e75.qua'!
 E:\Program Files\C-Media 3D Audio\Driver\Win_XP\SMWIZARD.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930e76.qua'!
 E:\Program Files\Common Files\FDEUnInstaller.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48810e6d.qua'!
 E:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0e81.qua'!
 E:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48900e81.qua'!
 E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48880e78.qua'!
 E:\Program Files\Common Files\Real\CNNIC\setup-real.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00e91.qua'!
 E:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f0e71.qua'!
 E:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0e9d.qua'!
 E:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller98.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49d643be.qua'!
 E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac0e63.qua'!
 E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e97.qua'!
 E:\Program Files\Common Files\Real\Update_OB\realsched.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49e043b8.qua'!
 E:\Program Files\Common Files\Real\Update_OB\rnxproc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b40ea1.qua'!
 E:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a30ea3.qua'!
 E:\Program Files\Common Files\snda shared\SDPrePlugin\sdupt.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b10e98.qua'!
 E:\Program Files\Common Files\snda shared\SDPrePlugin\GameDownload\sdDownLoad.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48800e99.qua'!
 E:\Program Files\EbayShop\EbayShop.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e99.qua'!
 E:\Program Files\EbayShop\EbayShopUnwise.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49e6337a.qua'!
 E:\Program Files\Google\Toolbar for Firefox\unzip.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b60ea6.qua'!
 E:\Program Files\Internet Explorer\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00e9e.qua'!
 E:\Program Files\Internet Explorer\svchost.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f0eaf.qua'!
 E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e9c.qua'!
 E:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0e9d.qua'!
 E:\Program Files\Microsoft Silverlight\slup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b10ea7.qua'!
 E:\Program Files\Mozilla Firefox\firefox.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0ea6.qua'!
 E:\Program Files\Mozilla Firefox\updater.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00eae.qua'!
 E:\Program Files\Mozilla Firefox\xpicleanup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50eaf.qua'!
 E:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f0e95.qua'!
 E:\Program Files\Mozilla Firefox\uninstall\helper.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a80eab.qua'!
 E:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48a70eaa.qua'!
 E:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48a70eaf.qua'!
 E:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48b00eb9.qua'!
 E:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48af0ebe.qua'!
 E:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48b20eb0.qua'!
 E:\Program Files\MSN Gaming Zone\Windows\zclientm.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '49c502d4.qua'!
 E:\Program Files\Real\RealOne Player\fixrjb.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b40eb3.qua'!
 E:\Program Files\Real\RealOne Player\GameHall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a90eac.qua'!
 E:\Program Files\Real\RealOne Player\realjbox.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0eb1.qua'!
 E:\Program Files\Real\RealOne Player\rphelperapp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a40ebd.qua'!
 E:\Program Files\Real\RealOne Player\Setup\setup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00eba.qua'!
 E:\Program Files\SogouInput\config.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0ec5.qua'!
 E:\Program Files\SogouInput\ConfigMover30b2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c60a1e.qua'!
 E:\Program Files\SogouInput\ImeUtil.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10ec4.qua'!
 E:\Program Files\SogouInput\PinyinUp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0ec0.qua'!
 E:\Program Files\SogouInput\ScdMaker.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00ebb.qua'!
 E:\Program Files\SogouInput\ScdReg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cc0a64.qua'!
 E:\Program Files\SogouInput\ScdViewer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00ebc.qua'!
 E:\Program Files\SogouInput\SkinReg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50ec4.qua'!
 E:\Program Files\SogouInput\SpeedMeter.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10eca.qua'!
 E:\Program Files\SogouInput\Uninstall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50ec8.qua'!
 E:\Program Files\SogouInput\userNetSchedu​le.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10ecd.qua'!
 E:\Program Files\SogouInput\UserPage.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10ece.qua'!
 E:\Program Files\SogouInput\UsrDictUtil.e​xe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0ece.qua'!
 E:\Program Files\StormII\Storm.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0ed1.qua'!
 E:\Program Files\StormII\stormply.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0ed2.qua'!
 E:\Program Files\StormII\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50ecc.qua'!
 E:\Program Files\Tencent\QQDownload\QDAut​oUpdate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '487d0eac.qua'!
 E:\Program Files\Tencent\QQDownload\QQDow​nload.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48800eb9.qua'!
 E:\Program Files\Tencent\QQDownload\qqdow​nloadv1.0releasebuild060_PConl​ine.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00eda.qua'!
 E:\Program Files\Tencent\QQDownload\unins​t.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50ed7.qua'!
 E:\Program Files\Tencent\QQGame\Accel.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f0ece.qua'!
 E:\Program Files\Tencent\QQGame\QQGame.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48830ebe.qua'!
 E:\Program Files\Tencent\QQGame\QQGameDl.​exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49ff4b3f.qua'!
 E:\Program Files\Tencent\QQGame\Uninstall​.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50edb.qua'!
 E:\Program Files\Tencent\QQGame\chinesech​ecker\cc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486a0ed1.qua'!
 E:\Program Files\Tencent\QQGame\chinesech​ecker\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930ebc.qua'!
 E:\Program Files\Tencent\QQGame\ChnChess\​ChnChess.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0ed7.qua'!
 E:\Program Files\Tencent\QQGame\ChnChess\​UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930ebe.qua'!
 E:\Program Files\Tencent\QQGame\Crazyddz\​Crazyddz.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0ee5.qua'!
 E:\Program Files\Tencent\QQGame\Crazyddz\​UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930ec1.qua'!
 E:\Program Files\Tencent\QQGame\CrazySK\C​razySK.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0eea.qua'!
 E:\Program Files\Tencent\QQGame\CrazySK\U​NWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930ec6.qua'!
 E:\Program Files\Tencent\QQGame\DdzRpg\dd​zrpg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b60edf.qua'!
 E:\Program Files\Tencent\QQGame\DdzRpg\UN​WISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930eca.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQChnChess.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '487f0ed2.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQCrazyddz.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49111acb.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQCrazysk.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '487f0ed4.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQDdzRPG.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48800ed4.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQGame2007Release_setup.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48830ed4.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQMjRPG.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48890ed5.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQMoney.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48890ed8.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQPaopaolong.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488c0eda.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQPlane.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488c0edb.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQPocket.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488c0edc.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQPocketRPG.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488c0edd.qua'!
 E:\Program Files\Tencent\QQGame\Download\​qqr2_v1.3.5_Full_dl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0eff.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQThreecard.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48900edf.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQThs.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48900ee0.qua'!
 E:\Program Files\Tencent\QQGame\Download\​QQTiaoqi.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49fe1af9.qua'!
 E:\Program Files\Tencent\QQGame\MjRPG\mjr​pg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0f19.qua'!
 E:\Program Files\Tencent\QQGame\MjRPG\UNW​ISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930efd.qua'!
 E:\Program Files\Tencent\QQGame\Money\Con​fig.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0f21.qua'!
 E:\Program Files\Tencent\QQGame\Money\Mon​eyClient.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c41b3a.qua'!
 E:\Program Files\Tencent\QQGame\Money\UNW​ISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930f01.qua'!
 E:\Program Files\Tencent\QQGame\paopaolon​g\paopaolong.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab0f15.qua'!
 E:\Program Files\Tencent\QQGame\paopaolon​g\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930f03.qua'!
 E:\Program Files\Tencent\QQGame\Plane\Pla​ne.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d0f22.qua'!
 E:\Program Files\Tencent\QQGame\Plane\UNW​ISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930f05.qua'!
 E:\Program Files\Tencent\QQGame\Pocket\Po​cket.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f0f26.qua'!
 E:\Program Files\Tencent\QQGame\Pocket\UN​WISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49fd1b1e.qua'!
 E:\Program Files\Tencent\QQGame\PocketRPG​\PocketRPG.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f0f2e.qua'!
 E:\Program Files\Tencent\QQGame\PocketRPG​\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930f0e.qua'!
 E:\Program Files\Tencent\QQGame\ThreeCard​\ThreeCard.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae0f33.qua'!
 E:\Program Files\Tencent\QQGame\ThreeCard​\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930f1a.qua'!
 E:\Program Files\Tencent\QQGame\TongHuaSh​un\TongHuaShun.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0f3d.qua'!
 E:\Program Files\Tencent\QQGame\TongHuaSh​un\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48930f1d.qua'!
 E:\Program Files\Tencent\QQGame\Update\up​date.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a00f40.qua'!
 E:\Program Files\Thomson SpeedTouch\ST330\Uninstall\stI​nstall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48850f45.qua'!
 E:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a60f3a.qua'!
 E:\Program Files\Trend Micro\HijackThis\user.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a10f45.qua'!
 E:\Program Files\TTPlayer\TTPlayer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488c0f27.qua'!
 E:\Program Files\TTPlayer\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50f41.qua'!
 E:\Program Files\Windows Live\installer\Dashboard.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af0f35.qua'!
 E:\Program Files\Windows Live\installer\WLSetupSvc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f0f20.qua'!
 E:\Program Files\Windows Live\Messenger\livecall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b20f3e.qua'!
 E:\Program Files\Windows Live\Messenger\msnmsgr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0f4a.qua'!
 E:\Program Files\Windows Live\Messenger\msvs.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b20f4a.qua'!
 E:\Program Files\Windows Live\Messenger\usnsvc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa0f4b.qua'!
 E:\Program Files\Windows Live\Messenger\Device Manager\dpinst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50f48.qua'!
 E:\Program Files\Windows Live\Messenger\Device Manager\dpinst64.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a50f49.qua'!
 E:\Program Files\Windows Live\Messenger\Device Manager\msgrdvmn.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a30f4c.qua'!
 E:\Program Files\Windows Media Player\migrate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a30f43.qua'!
 E:\Program Files\Windows Media Player\setup_wm.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b00f40.qua'!
 E:\Program Files\Windows Media Player\wmlaunch.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a80f48.qua'!
 E:\Program Files\Windows Media Player\wmpenc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac0f48.qua'!
 E:\Program Files\Windows Media Player\wmplayer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac0f49.qua'!
 E:\Program Files\Windows Media Player\wmsetsdk.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af0f49.qua'!
 E:\QooBox\Quarantine\catchme20​08-05-25_ 10929.14.zip
 [0] Archive type: ZIP
  --> Documents and Settings/user/catchme.zip

[1] Archive type: ZIP

--> bdguard.sys

[DETECTION] Is the Trojan horse TR/Rootkit.AK

--> bdgdins.dll

[DETECTION] Is the Trojan horse TR/Agent.AKL

[NOTE]      The file was moved to '48b00f3f.qua'!
 E:\QooBox\Quarantine\C\Documen​ts and Settings\All Users\Application Data\Microsoft\PCTools\pctools​.dll.vir

[DETECTION] Is the Trojan horse TR/BHO.Gen

[NOTE]      The file was moved to '48b00f42.qua'!
 E:\QooBox\Quarantine\C\Program Files\BaiDu\bar\BaiduBar.dll.v​ir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE]      The file was moved to '49d52c1a.qua'!
 E:\QooBox\Quarantine\C\Program Files\BaiDu\bar\bdgdins.dll.vi​r

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE]      The file was moved to '48a30f44.qua'!
 E:\QooBox\Quarantine\C\Program Files\Internet Explorer\IEXPLORE32.Sys.vir

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '48940f25.qua'!
 E:\QooBox\Quarantine\C\Program Files\Internet Explorer\PLUGINS\SysWin16.Jmp.​vir
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.42

[NOTE]      The file was moved to '48af0f5a.qua'!
 E:\QooBox\Quarantine\C\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys.​vir

[DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.42

[NOTE]      The file was moved to '49da2c13.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\1258.exe.vir

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '48710f13.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\29074.exe.vir

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '486c0f1b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\29259.exe.vir

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '486e0f1b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\33271.exe.vir

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '486e0f15.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\42678.exe.vir

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '48720f14.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\5540.exe.vir

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '48700f18.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\dbhlp32.exe.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a40f45.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\dionpis.exe.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '48ab0f4c.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\dodolook135.exe.vir

[DETECTION] Contains detection pattern of the dropper DR/Cinmus.egv

[NOTE]      The file was moved to '48a00f52.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\fiosectc.exe.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '48ab0f4d.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\fmsjhif.exe.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '48af0f51.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\huifitc.exe.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '48a50f59.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\mfc42.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '489f0f4b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\tempaq.vir

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48a90f4a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\ticisms.exe.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '489f0f4e.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\uusee.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48af0f5b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Downloaded Program Files\keepmainM.cab.vir
 [0] Archive type: CAB (Microsoft)
 --> keepmain.dll

[DETECTION] Is the Trojan horse TR/Spy.CNSMin

[NOTE]      The file was moved to '48a10f4b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Fonts\73fd1ecc0e85c55597ca6a0​ae0dbd951\system\clfmon.exe.vi​r

[DETECTION] Contains detection pattern of the worm WORM/Cekar.A

[NOTE]      The file was moved to '48a20f53.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Fonts\73fd1ecc0e85c55597ca6a0​ae0dbd951\system\index.htm.vir

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen

[NOTE]      The file was moved to '48a00f55.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Fonts\73fd1ecc0e85c55597ca6a0​ae0dbd951\system\lmmh.exe.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '48a90f55.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Fonts\73fd1ecc0e85c55597ca6a0​ae0dbd951\system\lmmh.gif.vir

[DETECTION] Is the Trojan horse TR/Hijacker.Gen

[NOTE]      The file was moved to '49d825ae.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Fonts\73fd1ecc0e85c55597ca6a0​ae0dbd951\system\qq.exe.vir
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.42

[NOTE]      The file was moved to '486a0f59.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\Fonts\73fd1ecc0e85c55597ca6a0​ae0dbd951\system\qq.gif.vir
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the worm WORM/Autorun.FF.42

[NOTE]      The file was moved to '486a0f5a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system\lljy080426.exe.vir

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48a60f55.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system\zhqb32.dll.vir

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '48ad0f51.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system\zhqbdf080424.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.94720.H

[NOTE]      The file was moved to '48ad0f52.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system\zhqbdf080427.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.94720.H

[NOTE]      The file was moved to '49c214eb.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\1.exe.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a10f18.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\1340.exe.vir

[DETECTION] Is the Trojan horse TR/Click.Agent.acc

[NOTE]      The file was moved to '48700f1d.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\1800.exe.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE]      The file was moved to '486c0f23.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\3.exe.vir

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '48a10f19.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\5.exe.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/Dldr.Small.uxb
 --> Object

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48a10f1a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\amejup.dll.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.47

[NOTE]      The file was moved to '48a10f59.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\azzxaime.exe.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48b60f66.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\bjrvm.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.10
 --> Object

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[NOTE]      The file was moved to '48ae0f57.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\bmniqi.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48aa0f5a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\cedafb.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.jzi.2

[NOTE]      The file was moved to '49cf14eb.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dark.exe.vir

[DETECTION] Is the Trojan horse TR/Agent.gmf.1

[NOTE]      The file was moved to '48ae0f4f.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dbhlp32.dlL.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a40f50.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dionpis.dll.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adrb

[NOTE]      The file was moved to '48ab0f57.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dqFKKFKK1063.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.9852

[NOTE]      The file was moved to '48820f60.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dqFKKFKK1063.exe.vir
 [0] Archive type: OVL
 --> Object

[DETECTION] Is the Trojan horse TR/Agent.9852
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akc

[NOTE]      The file was moved to '49ed14d9.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dqSUCSUC1042.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '488f0f60.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dqSUCSUC1042.exe.vir
 [0] Archive type: OVL
 --> Object

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '488f0f61.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dqWLVWLV1012.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.10985

[NOTE]      The file was moved to '48930f61.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\dqWLVWLV1012.exe.vir
 [0] Archive type: OVL
 --> Object

[DETECTION] Is the Trojan horse TR/Agent.10985
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.ajv

[NOTE]      The file was moved to '48930f62.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\explorer.exe.vir

[DETECTION] Is the Trojan horse TR/Click.Agent.aib

[NOTE]      The file was moved to '48ac0f69.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\fiosectc.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ab0f5a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\fmsbbqi.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48af0f5e.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\fmsjhif.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48af0f5f.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\gjjte.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abmx.27

[NOTE]      The file was moved to '48a60f5c.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\hfjg.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.20

[NOTE]      The file was moved to '48a60f58.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\huifitc.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a50f68.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\ijatnaw.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.6

[NOTE]      The file was moved to '489d0f5d.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\isdsasrv.exe.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a00f66.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\jdsaex.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.lgo

[NOTE]      The file was moved to '48af0f58.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\jfrwdh.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.kqw.4

[NOTE]      The file was moved to '48ae0f5a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\jhrcar.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ae0f5c.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\jnqpydwx.dll.vir

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '48ad0f62.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\jyjlt.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.4
 --> Object

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[NOTE]      The file was moved to '48a60f6e.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\KERNEL32.exe.vir

[DETECTION] Contains suspicious code HEUR/Malware

[NOTE]      The fund was classified as suspicious.

[NOTE]      The file was moved to '488e0f3a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\kniyhp.dll.vir

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '48a50f63.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\lariytrz.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.15

[NOTE]      The file was moved to '49c114e0.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\mfchlp64.dll.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NVI.47

[NOTE]      The file was moved to '489f0f5c.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\mgmgmm.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.28

[NOTE]      The file was moved to '48a90f5d.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\mhozme.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ab0f5e.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\MMFKKLJK1071.dll.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adlx

[NOTE]      The file was moved to '48820f44.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\MMSADZFB1045.dll.vir

[DETECTION] Is the Trojan horse TR/Agent.10573

[NOTE]      The file was moved to '488f0f44.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\MMWLVAHB1017.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48930f44.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\mndscsrv.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a00f65.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\Mousie.exe.vir

[DETECTION] Is the Trojan horse TR/Agent.67584.6

[NOTE]      The file was moved to '48b10f67.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msepbe.dll.vir.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aahm

[NOTE]      The file was moved to '48a10f6b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msoscqit00.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ab0f6b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msosdohs00.dll.vir

[DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EN

[NOTE]      The file was moved to '48ab0f6c.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msosfmsq00.dll.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aenz

[NOTE]      The file was moved to '49c414d5.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msosmhfp00.dll.vir

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adqf

[NOTE]      The file was moved to '48ab0f6e.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msosmnsf00.dll.vir

[DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EM

[NOTE]      The file was moved to '48ab0f6d.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\msosping00.dll.vir

[DETECTION] Is the Trojan horse TR/Proxy.Xorpix.EG

[NOTE]      The file was moved to '49c414d6.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\Nessery.sys.vir

[DETECTION] Is the Trojan horse TR/Click.Agent.abn.7

[NOTE]      The file was moved to '49c014d8.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\oqrthc.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.19

[NOTE]      The file was moved to '48ae0f6b.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\portablemsi.dll.vir

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48ae0f6a.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\ptjhchlp.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a60f6f.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\qqjdzw.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a60f6c.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\rgfjj.dll.vir.vir
 [0] Archive type: RSRC
 --> Object

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48a20f63.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\sehhter.dll.vir.vir
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aajr

[NOTE]      The file was moved to '48a40f61.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\sgrefg.dll.vir

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ae0f63.qua'!
 E:\QooBox\Quarantine\C\WINDOWS​\system32\sichost.exe.vir
  --> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Is the Trojan horse TR/Click.Small.UG

--> Object

[DETECTION] Is the Trojan horse TR/Click.Agent.aam

--> Object

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.WV.1

--> Object

[DETECTION] Is the Trojan horse TR/Click.Small.UH.1


yangxiao
Occasionally present (50 to 99 messages posted)
Posted on 27/05/2008 at 20:38:04
 

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f84.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281904.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '490303fd.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281905.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '490303f0.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281906.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f89.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281907.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f86.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281908.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '490303ff.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281909.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '490303f2.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281910.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f8b.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281911.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0878.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281912.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49030401.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281913.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e087a.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281914.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49030403.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281915.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '490303f4.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281916.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f8d.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281917.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f88.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281918.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a09.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281919.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f8a.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281920.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a0a.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281921.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a0c.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281922.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a0e.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281923.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f8f.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281924.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a0b.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281925.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f8c.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281926.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a0d.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281927.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a10.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281928.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f91.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281929.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f8e.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281930.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a0f.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281931.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f90.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281932.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a12.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281933.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f93.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281934.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a11.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281935.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a14.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281936.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f95.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281937.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a16.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281938.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f92.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281939.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a13.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281940.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f97.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281941.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f96.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281942.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a17.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281943.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a18.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281944.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f99.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281945.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f98.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281946.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f9a.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281947.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a1b.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281948.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f9b.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281949.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a1c.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281950.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f9d.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281951.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a1e.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281952.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f9c.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281953.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a1d.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281954.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f9f.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281955.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a20.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281956.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0f9e.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281957.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a1f.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281958.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa0.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281959.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a21.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281960.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa1.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281961.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a22.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281962.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa3.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281963.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a24.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281964.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa2.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281965.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa5.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281966.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a26.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281967.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a23.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281968.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa4.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281969.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a25.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281970.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa6.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281971.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa7.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281972.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a28.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281973.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a27.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281974.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa9.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281975.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a2a.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281976.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fab.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281977.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fa8.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281978.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a29.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281979.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0faa.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281980.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a2c.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281981.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0fad.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281982.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49124a2e.qua'!
 E:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0281983.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e0faf.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098951.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486c0fa9.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098955.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49104a2a.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098963.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.ebu

[NOTE]      The file was moved to '486c0faa.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098975.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '49104a2b.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098979.dll

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '486c0fac.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098980.exe

[DETECTION] Is the Trojan horse TR/Click.Agent.aib

[NOTE]      The file was moved to '486c0fab.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098982.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '49104a2d.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0098987.dll

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '486c0fae.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099040.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486c0fad.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099049.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '49104a2e.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099051.dll

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '486c0faf.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099053.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '49104a2f.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099058.dll

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '486c0fb0.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099060.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.ebu

[NOTE]      The file was moved to '49104a31.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099065.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486c0fb2.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099071.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.ebu

[NOTE]      The file was moved to '49104a30.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099077.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '49104a33.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099080.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486c0fb4.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0099081.dll

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '49104a35.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100071.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.ebu

[NOTE]      The file was moved to '486d0fb1.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100073.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '49114a32.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100077.dll

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '486d0fb3.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100080.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '49114a34.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100082.exe

[DETECTION] Is the Trojan horse TR/Click.Agent.aib

[NOTE]      The file was moved to '486d0fb2.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100088.dll

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '49114a33.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100089.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fb7.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100143.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486d0fb8.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100146.ini

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '49114a39.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100149.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fba.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100151.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fb9.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100152.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a3a.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100153.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a3b.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100154.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486d0fbc.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100155.exe

[DETECTION] Contains suspicious code HEUR/Malware

[NOTE]      The fund was classified as suspicious.

[NOTE]      The file was moved to '486d0fbb.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100156.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a3c.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100157.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fbd.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100158.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a3e.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100159.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a3d.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100160.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fbe.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100161.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a3f.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100162.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fc0.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100163.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a41.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100164.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fbf.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100165.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a40.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100166.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fc1.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100167.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fc2.qua'!

yangxiao
Present from time to time (50 to 99 messages posted)
Posted on 27/05/2008 at 20:41:46
 
E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100168.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a43.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100169.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a42.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100170.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fc4.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100171.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fc3.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100172.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a44.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100173.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a45.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100174.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fc6.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100175.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a47.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100176.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fcd.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100177.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd3.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100178.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a54.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100179.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd4.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100180.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a55.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100181.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd5.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100182.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a56.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100183.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd6.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100184.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a57.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100185.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd8.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100186.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd7.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100187.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a59.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100188.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fda.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100189.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a5b.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100190.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fd9.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100191.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a5a.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100192.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fdb.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100193.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a5c.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100194.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fdc.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100195.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a5d.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100196.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fdd.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100197.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fde.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100198.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a5f.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100199.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe0.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100200.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a5e.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100201.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fdf.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100202.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a60.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100203.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a61.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100204.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe2.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100205.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a63.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100206.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe4.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100207.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe1.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100208.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a65.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100209.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe6.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100210.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a67.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100211.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a62.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100212.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe3.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100213.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a64.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100214.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe5.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100215.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe8.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100216.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a66.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100217.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe7.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100218.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a69.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100219.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fea.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100220.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a6b.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100221.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a68.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100222.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fe9.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100223.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a6a.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100224.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0feb.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100225.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fec.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100226.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a6c.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100227.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fed.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100228.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a6d.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100229.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a6e.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100230.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fee.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100231.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a6f.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100232.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff0.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100233.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a71.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100234.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fef.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100235.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a70.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100236.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff2.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100237.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a73.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100238.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff1.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100239.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a72.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100240.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff4.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100241.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a75.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100242.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff6.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100243.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff3.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100244.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a74.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100245.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff5.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100246.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a77.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100247.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff8.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100248.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a76.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100249.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff7.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100250.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a79.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100251.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ffa.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100252.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a7b.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100253.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a78.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100254.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ff9.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100255.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a7a.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100256.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ffc.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100257.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ffb.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100258.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a7c.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100259.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a7d.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100260.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ffe.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100261.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0ffd.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100262.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a7f.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100263.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a7e.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100264.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0fff.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100265.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0f00.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100266.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49114a81.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100267.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115580.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100268.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d0f02.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100269.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1001.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100270.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1000.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100271.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115581.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100272.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115582.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100273.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1003.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100274.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115584.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100275.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1002.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100276.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115583.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100277.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1005.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100278.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1004.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100279.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115585.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100280.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1006.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100281.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115587.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100282.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115586.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100283.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1007.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100284.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115588.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100285.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1009.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100286.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1008.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100287.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4911558a.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100288.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d100b.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100289.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115589.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100290.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d100a.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100291.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4911558b.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100292.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4911558c.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100293.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d100d.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100294.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4911558e.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100295.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d100f.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100296.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d100c.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100297.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115590.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100298.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1011.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100299.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4911558d.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100300.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d100e.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100301.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4911558f.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100302.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1010.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100303.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115592.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100304.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1013.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100305.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115594.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100306.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115591.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100307.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1015.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100308.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1012.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100309.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115593.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100310.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1014.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100311.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49115596.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100568.exe

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '486d101c.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100569.exe

[DETECTION] Is the Trojan horse TR/PSW.Wow.awp

[NOTE]      The file was moved to '4911559d.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100580.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '486d101f.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100581.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '491155a0.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100582.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '486d1021.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100601.exe

[DETECTION] Is the Trojan horse TR/PSW.LdPinch.jm1

[NOTE]      The file was moved to '486d1020.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100602.exe

[DETECTION] Is the Trojan horse TR/PSW.LdPinch.jm1

[NOTE]      The file was moved to '491155a1.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100603.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486d1022.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100604.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '491155a2.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100605.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486d1023.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100623.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE]      The file was moved to '491155a4.qua'!
 E:\System Volume Information\_restore{B63028ED-292B-4683-B20F-278926F358DF}\RP217\A0100624.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.ebt

[NOTE]      The file was moved to '486d1025.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100627.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '491155a6.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100628.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE]      The file was moved to '486d1024.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100629.exe

[DETECTION] Is the Trojan horse TR/Dldr.Losabel.IC

[NOTE]      The file was moved to '491155a5.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100689.exe

[DETECTION] Is the Trojan horse TR/Agent.67584.6

[NOTE]      The file was moved to '486d1027.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100695.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.ame.51

[NOTE]      The file was moved to '486d1028.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100696.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.amo.3 Backdoor server programs

[NOTE]      The file was moved to '491155a9.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100700.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '486d102a.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100702.exe

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Is the Trojan horse TR/Click.Small.UG

--> Object

[DETECTION] Is the Trojan horse TR/Click.Agent.aam

--> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aadi

[NOTE]      The file was moved to '486d1029.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100703.exe

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Is the Trojan horse TR/Click.Small.UG

--> Object

[DETECTION] Is the Trojan horse TR/Click.Agent.aam

--> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aadi

[NOTE]      The file was moved to '491155aa.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100704.exe

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Is the Trojan horse TR/Click.Small.UG

--> Object

[DETECTION] Is the Trojan horse TR/Click.Agent.aam

--> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.aadi

yangxiao
Occasional visitor (50 to 99 messages posted)
Posted on 27/05/2008 at 20:43:41
 
[NOTE]      The file was moved to '491155ab.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100708.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486d102c.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100709.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '486d102b.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100710.exe

[DETECTION] Is the Trojan horse TR/Dldr.Agent.ntx.1

[NOTE]      The file was moved to '491155ac.qua'!
 E:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100713.exe

[DETECTION] Is the Trojan horse TR/Dldr.Small.uxb

[NOTE]      The file was moved to '486d102d.qua'!
 E:\WINDOWS\40021.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486c102d.qua'!
 E:\WINDOWS\47494.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48701034.qua'!
 E:\WINDOWS\CmiRmRedundDir.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5106b.qua'!
 E:\WINDOWS\CMIUninstall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4885104b.qua'!
 E:\WINDOWS\fdsv.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af1063.qua'!
 E:\WINDOWS\grep.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a11071.qua'!
 E:\WINDOWS\ha_80033.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489b1061.qua'!
 E:\WINDOWS\ha_80034.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49e12622.qua'!
 E:\WINDOWS\ha_80161.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489b1063.qua'!
 E:\WINDOWS\hh.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486a1069.qua'!
 E:\WINDOWS\IsUn0804.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48911075.qua'!
 E:\WINDOWS\KVNETSH.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488a1058.qua'!
 E:\WINDOWS\mfc42.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '489f106f.qua'!
 E:\WINDOWS\Nircmd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1073.qua'!
 E:\WINDOWS\page1.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3106b.qua'!
 E:\WINDOWS\page3.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3106c.qua'!
 E:\WINDOWS\pagenewa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49d9262d.qua'!
 E:\WINDOWS\pagess.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3106e.qua'!
 E:\WINDOWS\pagesss.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3106d.qua'!
 E:\WINDOWS\pgpmxxvd.exe

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '48ac1073.qua'!
 E:\WINDOWS\QQxcv.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b4105e.qua'!
 E:\WINDOWS\sed.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01079.qua'!
 E:\WINDOWS\sviec.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '48a5108b.qua'!
 E:\WINDOWS\swreg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae108c.qua'!
 E:\WINDOWS\swsc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af108c.qua'!
 E:\WINDOWS\swxcacls.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b4108d.qua'!
 E:\WINDOWS\VFind.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5105d.qua'!
 E:\WINDOWS\WNETNF.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48811066.qua'!
 E:\WINDOWS\zip.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac1088.qua'!
 E:\WINDOWS\$hf_mig$\KB898461\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1108f.qua'!
 E:\WINDOWS\$hf_mig$\KB898461\s​pupdsvc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5510.qua'!
 E:\WINDOWS\$hf_mig$\KB898461\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01090.qua'!
 E:\WINDOWS\$hf_mig$\KB900485\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11090.qua'!
 E:\WINDOWS\$hf_mig$\KB900485\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01091.qua'!
 E:\WINDOWS\$hf_mig$\KB908531\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11092.qua'!
 E:\WINDOWS\$hf_mig$\KB908531\S​P2QFE\verclsid.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1087.qua'!
 E:\WINDOWS\$hf_mig$\KB908531\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01093.qua'!
 E:\WINDOWS\$hf_mig$\KB911280\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11093.qua'!
 E:\WINDOWS\$hf_mig$\KB911280\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dd5db4.qua'!
 E:\WINDOWS\$hf_mig$\KB913580\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11094.qua'!
 E:\WINDOWS\$hf_mig$\KB913580\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01095.qua'!
 E:\WINDOWS\$hf_mig$\KB914388\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11096.qua'!
 E:\WINDOWS\$hf_mig$\KB914388\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01096.qua'!
 E:\WINDOWS\$hf_mig$\KB914389\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11097.qua'!
 E:\WINDOWS\$hf_mig$\KB914389\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01097.qua'!
 E:\WINDOWS\$hf_mig$\KB916595\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5518.qua'!
 E:\WINDOWS\$hf_mig$\KB916595\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01098.qua'!
 E:\WINDOWS\$hf_mig$\KB917344\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11099.qua'!
 E:\WINDOWS\$hf_mig$\KB917344\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01099.qua'!
 E:\WINDOWS\$hf_mig$\KB917953\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1109a.qua'!
 E:\WINDOWS\$hf_mig$\KB917953\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0109a.qua'!
 E:\WINDOWS\$hf_mig$\KB918118\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1109b.qua'!
 E:\WINDOWS\$hf_mig$\KB918118\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0109b.qua'!
 E:\WINDOWS\$hf_mig$\KB918439\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd551c.qua'!
 E:\WINDOWS\$hf_mig$\KB918439\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0109c.qua'!
 E:\WINDOWS\$hf_mig$\KB919007\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1109c.qua'!
 E:\WINDOWS\$hf_mig$\KB919007\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0109d.qua'!
 E:\WINDOWS\$hf_mig$\KB920213\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1109e.qua'!
 E:\WINDOWS\$hf_mig$\KB920213\S​P2QFE\agentsvr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a11095.qua'!
 E:\WINDOWS\$hf_mig$\KB920213\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0109f.qua'!
 E:\WINDOWS\$hf_mig$\KB920670\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1109f.qua'!
 E:\WINDOWS\$hf_mig$\KB920670\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a0.qua'!
 E:\WINDOWS\$hf_mig$\KB920683\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a0.qua'!
 E:\WINDOWS\$hf_mig$\KB920683\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dd5d81.qua'!
 E:\WINDOWS\$hf_mig$\KB920685\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a2.qua'!
 E:\WINDOWS\$hf_mig$\KB920685\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a2.qua'!
 E:\WINDOWS\$hf_mig$\KB920872\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a3.qua'!
 E:\WINDOWS\$hf_mig$\KB920872\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a3.qua'!
 E:\WINDOWS\$hf_mig$\KB921503\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5524.qua'!
 E:\WINDOWS\$hf_mig$\KB921503\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a4.qua'!
 E:\WINDOWS\$hf_mig$\KB922582\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a4.qua'!
 E:\WINDOWS\$hf_mig$\KB922582\S​P2QFE\fltmc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b010a1.qua'!
 E:\WINDOWS\$hf_mig$\KB922582\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a5.qua'!
 E:\WINDOWS\$hf_mig$\KB922819\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a6.qua'!
 E:\WINDOWS\$hf_mig$\KB922819\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a7.qua'!
 E:\WINDOWS\$hf_mig$\KB923414\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a7.qua'!
 E:\WINDOWS\$hf_mig$\KB923414\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dd5d88.qua'!
 E:\WINDOWS\$hf_mig$\KB923980\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a8.qua'!
 E:\WINDOWS\$hf_mig$\KB923980\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010a8.qua'!
 E:\WINDOWS\$hf_mig$\KB924191\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110a9.qua'!
 E:\WINDOWS\$hf_mig$\KB924191\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010aa.qua'!
 E:\WINDOWS\$hf_mig$\KB924270\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110aa.qua'!
 E:\WINDOWS\$hf_mig$\KB924270\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010ab.qua'!
 E:\WINDOWS\$hf_mig$\KB925902\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ab.qua'!
 E:\WINDOWS\$hf_mig$\KB925902\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010ac.qua'!
 E:\WINDOWS\$hf_mig$\KB926255\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ac.qua'!
 E:\WINDOWS\$hf_mig$\KB926255\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dd5d8d.qua'!
 E:\WINDOWS\$hf_mig$\KB926436\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ad.qua'!
 E:\WINDOWS\$hf_mig$\KB926436\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010ae.qua'!
 E:\WINDOWS\$hf_mig$\KB927779\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110af.qua'!
 E:\WINDOWS\$hf_mig$\KB927779\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010af.qua'!
 E:\WINDOWS\$hf_mig$\KB927802\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b0.qua'!
 E:\WINDOWS\$hf_mig$\KB927802\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b0.qua'!
 E:\WINDOWS\$hf_mig$\KB927891\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1cc9.qua'!
 E:\WINDOWS\$hf_mig$\KB927891\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b1.qua'!
 E:\WINDOWS\$hf_mig$\KB928255\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b1.qua'!
 E:\WINDOWS\$hf_mig$\KB928255\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b2.qua'!
 E:\WINDOWS\$hf_mig$\KB928843\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b3.qua'!
 E:\WINDOWS\$hf_mig$\KB928843\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b3.qua'!
 E:\WINDOWS\$hf_mig$\KB929123\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b4.qua'!
 E:\WINDOWS\$hf_mig$\KB929123\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b4.qua'!
 E:\WINDOWS\$hf_mig$\KB929969\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b5.qua'!
 E:\WINDOWS\$hf_mig$\KB929969\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b5.qua'!
 E:\WINDOWS\$hf_mig$\KB930178\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b6.qua'!
 E:\WINDOWS\$hf_mig$\KB930178\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b7.qua'!
 E:\WINDOWS\$hf_mig$\KB930916\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b8.qua'!
 E:\WINDOWS\$hf_mig$\KB930916\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b8.qua'!
 E:\WINDOWS\$hf_mig$\KB931261\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1cc1.qua'!
 E:\WINDOWS\$hf_mig$\KB931261\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b9.qua'!
 E:\WINDOWS\$hf_mig$\KB931784\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110b9.qua'!
 E:\WINDOWS\$hf_mig$\KB931784\S​P2QFE\ntkrnlmp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a710bd.qua'!
 E:\WINDOWS\$hf_mig$\KB931784\S​P2QFE\ntkrnlpa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a710bf.qua'!
 E:\WINDOWS\$hf_mig$\KB931784\S​P2QFE\ntkrpamp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a710c0.qua'!
 E:\WINDOWS\$hf_mig$\KB931784\S​P2QFE\ntoskrnl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab10c0.qua'!
 E:\WINDOWS\$hf_mig$\KB931784\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010bc.qua'!
 E:\WINDOWS\$hf_mig$\KB931836\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110bd.qua'!
 E:\WINDOWS\$hf_mig$\KB931836\S​P2QFE\tzchange.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f10c7.qua'!
 E:\WINDOWS\$hf_mig$\KB931836\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010bd.qua'!
 E:\WINDOWS\$hf_mig$\KB932168\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110be.qua'!
 E:\WINDOWS\$hf_mig$\KB932168\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010bf.qua'!
 E:\WINDOWS\$hf_mig$\KB933360\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110c0.qua'!
 E:\WINDOWS\$hf_mig$\KB933360\S​P2QFE\tzchange.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f10ca.qua'!
 E:\WINDOWS\$hf_mig$\KB933360\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c0.qua'!
 E:\WINDOWS\$hf_mig$\KB933566\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110c1.qua'!
 E:\WINDOWS\$hf_mig$\KB933566\S​P2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010b6.qua'!
 E:\WINDOWS\$hf_mig$\KB933566\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c3.qua'!
 E:\WINDOWS\$hf_mig$\KB933729\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110c4.qua'!
 E:\WINDOWS\$hf_mig$\KB933729\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c4.qua'!
 E:\WINDOWS\$hf_mig$\KB935839\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110c5.qua'!
 E:\WINDOWS\$hf_mig$\KB935839\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c5.qua'!
 E:\WINDOWS\$hf_mig$\KB935840\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1cbe.qua'!
 E:\WINDOWS\$hf_mig$\KB935840\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c6.qua'!
 E:\WINDOWS\$hf_mig$\KB936021\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110c7.qua'!
 E:\WINDOWS\$hf_mig$\KB936021\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c8.qua'!
 E:\WINDOWS\$hf_mig$\KB937143\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110c8.qua'!
 E:\WINDOWS\$hf_mig$\KB937143\S​P2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010be.qua'!
 E:\WINDOWS\$hf_mig$\KB937143\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010c9.qua'!
 E:\WINDOWS\$hf_mig$\KB937894\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ca.qua'!
 E:\WINDOWS\$hf_mig$\KB937894\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010cc.qua'!
 E:\WINDOWS\$hf_mig$\KB938127\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110cc.qua'!
 E:\WINDOWS\$hf_mig$\KB938127\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010cd.qua'!
 E:\WINDOWS\$hf_mig$\KB938828\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110cd.qua'!
 E:\WINDOWS\$hf_mig$\KB938828\S​P2QFE\explorer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac10d5.qua'!
 E:\WINDOWS\$hf_mig$\KB938828\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010ce.qua'!
 E:\WINDOWS\$hf_mig$\KB938829\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110cf.qua'!
 E:\WINDOWS\$hf_mig$\KB938829\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010cf.qua'!
 E:\WINDOWS\$hf_mig$\KB939653\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d0.qua'!
 E:\WINDOWS\$hf_mig$\KB939653\S​P2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dd5de6.qua'!
 E:\WINDOWS\$hf_mig$\KB939653\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d1.qua'!
 E:\WINDOWS\$hf_mig$\KB941202\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d2.qua'!
 E:\WINDOWS\$hf_mig$\KB941202\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d2.qua'!
 E:\WINDOWS\$hf_mig$\KB941568\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d3.qua'!
 E:\WINDOWS\$hf_mig$\KB941568\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d4.qua'!
 E:\WINDOWS\$hf_mig$\KB941644\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d4.qua'!
 E:\WINDOWS\$hf_mig$\KB941644\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d5.qua'!
 E:\WINDOWS\$hf_mig$\KB941693\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d5.qua'!
 E:\WINDOWS\$hf_mig$\KB941693\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49ce04ce.qua'!
 E:\WINDOWS\$hf_mig$\KB942615\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d6.qua'!
 E:\WINDOWS\$hf_mig$\KB942615\S​P2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49ce04d6.qua'!
 E:\WINDOWS\$hf_mig$\KB942615\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d8.qua'!
 E:\WINDOWS\$hf_mig$\KB942763\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110d9.qua'!
 E:\WINDOWS\$hf_mig$\KB942763\S​P2QFE\tzchange.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f10e3.qua'!
 E:\WINDOWS\$hf_mig$\KB942763\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d9.qua'!
 E:\WINDOWS\$hf_mig$\KB942840\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110da.qua'!
 E:\WINDOWS\$hf_mig$\KB942840\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010db.qua'!
 E:\WINDOWS\$hf_mig$\KB943055\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110dc.qua'!
 E:\WINDOWS\$hf_mig$\KB943055\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010dc.qua'!
 E:\WINDOWS\$hf_mig$\KB943460\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1ca5.qua'!
 E:\WINDOWS\$hf_mig$\KB943460\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010dd.qua'!
 E:\WINDOWS\$hf_mig$\KB943485\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110dd.qua'!
 E:\WINDOWS\$hf_mig$\KB943485\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010de.qua'!
 E:\WINDOWS\$hf_mig$\KB944338\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110df.qua'!
 E:\WINDOWS\$hf_mig$\KB944338\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e0.qua'!
 E:\WINDOWS\$hf_mig$\KB944533\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110e0.qua'!
 E:\WINDOWS\$hf_mig$\KB944533\S​P2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010d6.qua'!
 E:\WINDOWS\$hf_mig$\KB944533\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e1.qua'!
 E:\WINDOWS\$hf_mig$\KB944653\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110e2.qua'!
 E:\WINDOWS\$hf_mig$\KB944653\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e3.qua'!
 E:\WINDOWS\$hf_mig$\KB945553\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110e4.qua'!
 E:\WINDOWS\$hf_mig$\KB945553\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e4.qua'!
 E:\WINDOWS\$hf_mig$\KB946026\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110e5.qua'!
 E:\WINDOWS\$hf_mig$\KB946026\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e5.qua'!
 E:\WINDOWS\$hf_mig$\KB946627\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c9e.qua'!
 E:\WINDOWS\$hf_mig$\KB946627\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e6.qua'!
 E:\WINDOWS\$hf_mig$\KB947864\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110e6.qua'!
 E:\WINDOWS\$hf_mig$\KB947864\S​P2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49ce04c5.qua'!
 E:\WINDOWS\$hf_mig$\KB947864\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e8.qua'!
 E:\WINDOWS\$hf_mig$\KB948590\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110e9.qua'!
 E:\WINDOWS\$hf_mig$\KB948590\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010e9.qua'!
 E:\WINDOWS\$hf_mig$\KB948881\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ea.qua'!
 E:\WINDOWS\$hf_mig$\KB948881\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010ea.qua'!
 E:\WINDOWS\$hf_mig$\KB950749\s​puninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110eb.qua'!
 E:\WINDOWS\$hf_mig$\KB950749\u​pdate\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a010ec.qua'!
 E:\WINDOWS\$NtUninstallKB89846​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ed.qua'!
 E:\WINDOWS\$NtUninstallKB90048​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c96.qua'!
 E:\WINDOWS\$NtUninstallKB91128​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110ee.qua'!
 E:\WINDOWS\$NtUninstallKB91156​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c97.qua'!
 E:\WINDOWS\$NtUninstallKB91358​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f0.qua'!
 E:\WINDOWS\$NtUninstallKB91438​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c89.qua'!
 E:\WINDOWS\$NtUninstallKB91438​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f1.qua'!
 E:\WINDOWS\$NtUninstallKB91659​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c8a.qua'!
 E:\WINDOWS\$NtUninstallKB91734​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f2.qua'!
 E:\WINDOWS\$NtUninstallKB91773​4_WMP10$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c8b.qua'!
 E:\WINDOWS\$NtUninstallKB91795​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f4.qua'!
 E:\WINDOWS\$NtUninstallKB91811​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c8d.qua'!
 E:\WINDOWS\$NtUninstallKB91843​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f5.qua'!
 E:\WINDOWS\$NtUninstallKB91900​7$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c8e.qua'!
 E:\WINDOWS\$NtUninstallKB92021​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f7.qua'!
 E:\WINDOWS\$NtUninstallKB92067​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f6.qua'!
 E:\WINDOWS\$NtUninstallKB92068​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c8f.qua'!
 E:\WINDOWS\$NtUninstallKB92068​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c80.qua'!
 E:\WINDOWS\$NtUninstallKB92087​2$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f8.qua'!
 E:\WINDOWS\$NtUninstallKB92150​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c81.qua'!
 E:\WINDOWS\$NtUninstallKB92258​2$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110f9.qua'!
 E:\WINDOWS\$NtUninstallKB92281​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc1c82.qua'!
 E:\WINDOWS\$NtUninstallKB92319​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110fa.qua'!
 E:\WINDOWS\$NtUninstallKB92341​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110fb.qua'!
 E:\WINDOWS\$NtUninstallKB92368​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd557c.qua'!
 E:\WINDOWS\$NtUninstallKB92398​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110fc.qua'!
 E:\WINDOWS\$NtUninstallKB92419​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd557d.qua'!
 E:\WINDOWS\$NtUninstallKB92427​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110fd.qua'!
 E:\WINDOWS\$NtUninstallKB92466​7$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd557e.qua'!
 E:\WINDOWS\$NtUninstallKB92539​8_WMP64$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b110fe.qua'!
 E:\WINDOWS\$NtUninstallKB92590​2$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11100.qua'!
 E:\WINDOWS\$NtUninstallKB92625​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5481.qua'!
 E:\WINDOWS\$NtUninstallKB92643​6$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11101.qua'!
 E:\WINDOWS\$NtUninstallKB92777​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5482.qua'!
 E:\WINDOWS\$NtUninstallKB92780​2$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11102.qua'!
 E:\WINDOWS\$NtUninstallKB92789​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5483.qua'!
 E:\WINDOWS\$NtUninstallKB92825​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11104.qua'!
 E:\WINDOWS\$NtUninstallKB92884​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5485.qua'!
 E:\WINDOWS\$NtUninstallKB92912​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11105.qua'!
 E:\WINDOWS\$NtUninstallKB92996​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5486.qua'!
 E:\WINDOWS\$NtUninstallKB93017​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11106.qua'!
 E:\WINDOWS\$NtUninstallKB93091​6$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5487.qua'!
 E:\WINDOWS\$NtUninstallKB93126​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11107.qua'!
 E:\WINDOWS\$NtUninstallKB93178​4$\ntkrnlmp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7110c.qua'!
 E:\WINDOWS\$NtUninstallKB93178​4$\ntkrnlpa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7110d.qua'!
 E:\WINDOWS\$NtUninstallKB93178​4$\ntkrpamp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49dc2cee.qua'!
 E:\WINDOWS\$NtUninstallKB93178​4$\ntoskrnl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab110e.qua'!
 E:\WINDOWS\$NtUninstallKB93178​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1110a.qua'!
 E:\WINDOWS\$NtUninstallKB93183​6$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1110b.qua'!
 E:\WINDOWS\$NtUninstallKB93216​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1110c.qua'!
 E:\WINDOWS\$NtUninstallKB93336​0$\tzchange.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1116.qua'!

yangxiao
Posted on 27/05/2008 at 20:44:45
 
E:\WINDOWS\$NtUninstallKB93336​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1110d.qua'!
 E:\WINDOWS\$NtUninstallKB93356​6$\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01102.qua'!
 E:\WINDOWS\$NtUninstallKB93356​6$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1110f.qua'!
 E:\WINDOWS\$NtUninstallKB93372​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11110.qua'!
 E:\WINDOWS\$NtUninstallKB93583​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11111.qua'!
 E:\WINDOWS\$NtUninstallKB93584​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5492.qua'!
 E:\WINDOWS\$NtUninstallKB93602​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11113.qua'!
 E:\WINDOWS\$NtUninstallKB93678​2_WMP10$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11112.qua'!
 E:\WINDOWS\$NtUninstallKB93714​3$\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01108.qua'!
 E:\WINDOWS\$NtUninstallKB93714​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11115.qua'!
 E:\WINDOWS\$NtUninstallKB93789​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11116.qua'!
 E:\WINDOWS\$NtUninstallKB93812​7$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5497.qua'!
 E:\WINDOWS\$NtUninstallKB93882​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11118.qua'!
 E:\WINDOWS\$NtUninstallKB93882​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd5499.qua'!
 E:\WINDOWS\$NtUninstallKB93965​3$\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0110e.qua'!
 E:\WINDOWS\$NtUninstallKB93965​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11119.qua'!
 E:\WINDOWS\$NtUninstallKB94120​2$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1111a.qua'!
 E:\WINDOWS\$NtUninstallKB94156​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1111b.qua'!
 E:\WINDOWS\$NtUninstallKB94156​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1111c.qua'!
 E:\WINDOWS\$NtUninstallKB94164​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1111d.qua'!
 E:\WINDOWS\$NtUninstallKB94169​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd549e.qua'!
 E:\WINDOWS\$NtUninstallKB94261​5$\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01113.qua'!
 E:\WINDOWS\$NtUninstallKB94261​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1111f.qua'!
 E:\WINDOWS\$NtUninstallKB94276​3$\tzchange.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f112a.qua'!
 E:\WINDOWS\$NtUninstallKB94276​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11120.qua'!
 E:\WINDOWS\$NtUninstallKB94284​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11121.qua'!
 E:\WINDOWS\$NtUninstallKB94305​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd54a2.qua'!
 E:\WINDOWS\$NtUninstallKB94346​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11122.qua'!
 E:\WINDOWS\$NtUninstallKB94348​5$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd54a3.qua'!
 E:\WINDOWS\$NtUninstallKB94433​8$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11123.qua'!
 E:\WINDOWS\$NtUninstallKB94453​3$\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01119.qua'!
 E:\WINDOWS\$NtUninstallKB94453​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11126.qua'!
 E:\WINDOWS\$NtUninstallKB94465​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd54a7.qua'!
 E:\WINDOWS\$NtUninstallKB94555​3$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11128.qua'!
 E:\WINDOWS\$NtUninstallKB94602​6$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cd54a9.qua'!
 E:\WINDOWS\$NtUninstallKB94662​7$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11129.qua'!
 E:\WINDOWS\$NtUninstallKB94786​4$\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0111e.qua'!
 E:\WINDOWS\$NtUninstallKB94786​4$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1112a.qua'!
 E:\WINDOWS\$NtUninstallKB94859​0$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1112b.qua'!
 E:\WINDOWS\$NtUninstallKB94888​1$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1112c.qua'!
 E:\WINDOWS\$NtUninstallKB95074​9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1112d.qua'!
 E:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7114d.qua'!
 E:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49ca1d36.qua'!
 E:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7114e.qua'!
 E:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab114e.qua'!
 E:\WINDOWS\ERDNT\Hiv-backup\ER​DNT.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48801136.qua'!
 E:\WINDOWS\ERDNT\subs\ERDNT.EX​E

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48801137.qua'!
 E:\WINDOWS\ime\winupgrade.exe

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '48aa1182.qua'!
 E:\WINDOWS\ime\IMJP8_1\cplexe.​exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a8118a.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjpdad​m.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a61187.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjpdct​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49da5408.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjpdsv​r.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a61188.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjpins​t.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a61189.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjpmig​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49da540a.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjprw.​exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6118a.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjpuex​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49da540b.qua'!
 E:\WINDOWS\ime\IMJP8_1\imjputy​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6118b.qua'!
 E:\WINDOWS\ime\IMKR6_1\imekrmi​g.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a11196.qua'!
 E:\WINDOWS\ime\IMKR6_1\imkrins​t.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a71196.qua'!
 E:\WINDOWS\ime\SHARED\imepadsv​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a11198.qua'!
 E:\WINDOWS\inf\unregmp2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae11ab.qua'!
 E:\WINDOWS\msagent\agentsvr.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a111aa.qua'!
 E:\WINDOWS\QQ&#20384;&#20041;&​#36947;II\uninstall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a511d2.qua'!
 E:\WINDOWS\RegisteredPackages\​{3FDF25EE-E592-4495-8391-6E9C5​04DAC2B}\setup_wm.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b011c9.qua'!
 E:\WINDOWS\RegisteredPackages\​{981FB688-E76B-4246-987B-92083​185B90A}\uwdf.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011dc.qua'!
 E:\WINDOWS\RegisteredPackages\​{981FB688-E76B-4246-987B-92083​185B90A}\wdfmgr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a211c9.qua'!
 E:\WINDOWS\RegisteredPackages\​{AAC1D942-0B38-4E37-9E4E-5B96A​9DD2170}\logagent.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a311d6.qua'!
 E:\WINDOWS\RegisteredPackages\​{DD90D410-1823-43EB-9A16-A2331​BF08799}\migrate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a311d2.qua'!
 E:\WINDOWS\RegisteredPackages\​{DD90D410-1823-43EB-9A16-A2331​BF08799}\unregmp2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae11d7.qua'!
 E:\WINDOWS\RegisteredPackages\​{DD90D410-1823-43EB-9A16-A2331​BF08799}\wmlaunch.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a811d7.qua'!
 E:\WINDOWS\RegisteredPackages\​{DD90D410-1823-43EB-9A16-A2331​BF08799}\wmpenc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac11d9.qua'!
 E:\WINDOWS\RegisteredPackages\​{DD90D410-1823-43EB-9A16-A2331​BF08799}\wmplayer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac11da.qua'!
 E:\WINDOWS\SiS\900\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a511dd.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\167a777bfc2048bde7e​ebe890cd2500f\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b111e1.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\167a777bfc2048bde7e​ebe890cd2500f\update\update.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011e4.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\3e676669039c453a19e​9b97498f02e20\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b111e5.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\3e676669039c453a19e​9b97498f02e20\SP2GDR\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011da.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\3e676669039c453a19e​9b97498f02e20\SP2QFE\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011db.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\3e676669039c453a19e​9b97498f02e20\update\update.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011e7.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\58b4ccd921a27eb0a6e​e0e6605451967\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b111e8.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\58b4ccd921a27eb0a6e​e0e6605451967\update\update.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011e9.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\8fdc91ab0e28c3dbadb​b6849c29eaf2a\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b111ea.qua'!
 E:\WINDOWS\SoftwareDistributio​n\Download\8fdc91ab0e28c3dbadb​b6849c29eaf2a\update\update.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a011ea.qua'!
 E:\WINDOWS\system\SmWizard.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489311eb.qua'!
 E:\WINDOWS\system\zayjhxpRes08​0427.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48b511df.qua'!
 E:\WINDOWS\system\zhqb320.dll

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '48ad11e7.qua'!
 E:\WINDOWS\system\zhqbs080424.​exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '49d62c08.qua'!
 E:\WINDOWS\system\zhqbs080427.​exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48ad11e8.qua'!
 E:\WINDOWS\system\zykjnzayjhxp​Res080507.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48a711f9.qua'!
 E:\WINDOWS\system32\0.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48a111af.qua'!
 E:\WINDOWS\system32\52pgnw8k.d​ll

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ac11b4.qua'!
 E:\WINDOWS\system32\avp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac11fa.qua'!
 E:\WINDOWS\system32\B9BBB.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.ebu

[NOTE]      The file was moved to '487e11be.qua'!
 E:\WINDOWS\system32\BCE37.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488111c9.qua'!
 E:\WINDOWS\system32\ccwlae0804​30.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48b311ea.qua'!
 E:\WINDOWS\system32\ccwld16_08​0430.dll

[DETECTION] Is the Trojan horse TR/Spy.Pophot.awu

[NOTE]      The file was moved to '48b311eb.qua'!
 E:\WINDOWS\system32\cinmon.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa11f2.qua'!
 E:\WINDOWS\system32\cmirmdrv.e​xe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a511f8.qua'!
 E:\WINDOWS\system32\ctfonm.exe

[DETECTION] Contains detection pattern of the worm WORM/Otwycal.I

[NOTE]      The file was moved to '48a21201.qua'!
 E:\WINDOWS\system32\DLD.exe

[DETECTION] Is the Trojan horse TR/Dldr.Small.usu

[NOTE]      The file was moved to '488011e0.qua'!
 E:\WINDOWS\system32\edling

[DETECTION] Is the Trojan horse TR/Agent.jtr.2

[NOTE]      The file was moved to '48a811fc.qua'!
 E:\WINDOWS\system32\espter.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[NOTE]      The file was moved to '48ac120b.qua'!
 E:\WINDOWS\system32\exe2.exe

[DETECTION] Is the Trojan horse TR/Agent.18944.C.2

[NOTE]      The file was moved to '48a11211.qua'!
 E:\WINDOWS\system32\explorer.e​xe

[DETECTION] Is the Trojan horse TR/Click.Agent.aib

[NOTE]      The file was moved to '48ac1211.qua'!
 E:\WINDOWS\system32\fjnbv.dll
  [0] Archive type: RSRC
  --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.20

[NOTE]      The file was moved to '48aa1205.qua'!
 E:\WINDOWS\system32\fltmc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b01208.qua'!
 E:\WINDOWS\system32\fqdwctwprl​.dll

[DETECTION] Is the Trojan horse TR/BHO.Gen

[NOTE]      The file was moved to '48a0120e.qua'!
 E:\WINDOWS\system32\frntrn.dll

[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen

[NOTE]      The file was moved to '48aa120f.qua'!
 E:\WINDOWS\system32\fylsas.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '48a81217.qua'!
 E:\WINDOWS\system32\HD_DRIVER.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '489b11e4.qua'!
 E:\WINDOWS\system32\hd_driver.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '489b1204.qua'!
 E:\WINDOWS\system32\hhrdxd.dll

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48ae1209.qua'!
 E:\WINDOWS\system32\hukkcbvgqq.dll

[DETECTION] Is the Trojan horse TR/BHO.Gen

[NOTE]      The file was moved to '48a71217.qua'!
 E:\WINDOWS\system32\jh.exe

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '486a120f.qua'!
 E:\WINDOWS\system32\jnqpydwx.dll

[DETECTION] Is the Trojan horse TR/Onlinegames.NVI

[NOTE]      The file was moved to '48ad1215.qua'!
 E:\WINDOWS\system32\joiinz.dll

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adrb

[NOTE]      The file was moved to '48a51217.qua'!
 E:\WINDOWS\system32\jwlah.dll
  [0] Archive type: RSRC
  --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abur.18

[NOTE]      The file was moved to '48a8121f.qua'!
 E:\WINDOWS\system32\kduy.dll
  [0] Archive type: RSRC
  --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.abzd.22

[NOTE]      The file was moved to '48b11210.qua'!
 E:\WINDOWS\system32\KERNEL32.exe

[DETECTION] Contains suspicious code HEUR/Malware

[NOTE]      The fund was classified as suspicious.

[NOTE]      The file was moved to '488e11f1.qua'!
 E:\WINDOWS\system32\lofsajbo.dll

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48a2121e.qua'!
 E:\WINDOWS\system32\logagent.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3121f.qua'!
 E:\WINDOWS\system32\lwizysy16_080427.dll

[DETECTION] Is the Trojan horse TR/Spy.Pophot.asd.1

[NOTE]      The file was moved to '48a51227.qua'!
 E:\WINDOWS\system32\mcdcsrv32_080417.dll

[DETECTION] Is the Trojan horse TR/ATRAPS.Gen

[NOTE]      The file was moved to '48a01214.qua'!
 E:\WINDOWS\system32\MMFKKLJK1071.exe
  [0] Archive type: OVL
  --> Object

[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adlx

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akt

[NOTE]      The file was moved to '48821202.qua'!
 E:\WINDOWS\system32\MMSADZFB1045.exe
  [0] Archive type: OVL
  --> Object

[DETECTION] Is the Trojan horse TR/Agent.10573

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akt

[NOTE]      The file was moved to '488f1202.qua'!
 E:\WINDOWS\system32\MMWLVAHB1017.exe
  [0] Archive type: OVL

--> Object

[1] Archive type: RSRC

--> Object

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akt

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48931203.qua'!
 E:\WINDOWS\system32\Mouer.dll

[DETECTION] Is the Trojan horse TR/Click.Agent.ach

[NOTE]      The file was moved to '48b11225.qua'!
 E:\WINDOWS\system32\Mousie.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11226.qua'!
 E:\WINDOWS\system32\MRT.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4890120c.qua'!
 E:\WINDOWS\system32\mstsc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b01233.qua'!
 E:\WINDOWS\system32\msvcrt25.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '48b21234.qua'!
 E:\WINDOWS\system32\msvcrty.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '49de16ed.qua'!
 E:\WINDOWS\system32\mxcdcsrv16_080417.dll

[DETECTION] Is the Trojan horse TR/Hitpop.1.65

[NOTE]      The file was moved to '489f123b.qua'!
 E:\WINDOWS\system32\mycgc32.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '489f123c.qua'!
 E:\WINDOWS\system32\myhhcc080501.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48a4123d.qua'!
 E:\WINDOWS\system32\Nessery.sys

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.WV.1

[NOTE]      The file was moved to '48af122a.qua'!
 E:\WINDOWS\system32\netsetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0122a.qua'!
 E:\WINDOWS\system32\NpzwwmWlDSPsy.dll

[DETECTION] Is the Trojan horse TR/Dldr.Small.vdi

[NOTE]      The file was moved to '48b61236.qua'!
 E:\WINDOWS\system32\ntkrnlpa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7123c.qua'!
 E:\WINDOWS\system32\ntnids32.dll

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '48aa123e.qua'!
 E:\WINDOWS\system32\ntnids32.exe

[DETECTION] Is the Trojan horse TR/Downloader.Gen

[NOTE]      The file was moved to '49c616e7.qua'!
 E:\WINDOWS\system32\ntoskrnl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab123e.qua'!
 E:\WINDOWS\system32\ntserver.dll

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.gvq Backdoor server programs

[NOTE]      The file was moved to '48af123f.qua'!
 E:\WINDOWS\system32\ntserver.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c31698.qua'!
 E:\WINDOWS\system32\obwjzylpyj.dll

[DETECTION] Is the Trojan horse TR/BHO.Gen

[NOTE]      The file was moved to '48b3122e.qua'!
 E:\WINDOWS\system32\qgtbnkblwt.dll

[DETECTION] Is the Trojan horse TR/BHO.Gen

[NOTE]      The file was moved to '48b01239.qua'!
 E:\WINDOWS\system32\raidiap080417.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48a51234.qua'!
 E:\WINDOWS\system32\servciesa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae123d.qua'!
 E:\WINDOWS\system32\servciesd.exe

[DETECTION] Is the Trojan horse TR/Agent.15872

[NOTE]      The file was moved to '48ae123e.qua'!
 E:\WINDOWS\system32\Server1.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c216e7.qua'!
 E:\WINDOWS\system32\sichost.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1245.qua'!
 E:\WINDOWS\system32\skype.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b51247.qua'!
 E:\WINDOWS\system32\sovlost.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b2124c.qua'!
 E:\WINDOWS\system32\spiisupd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5124d.qua'!
 E:\WINDOWS\system32\spoolsv.exe

[DETECTION] Contains detection pattern of the worm WORM/Otwycal.I

[NOTE]      The file was moved to '48ab124e.qua'!
 E:\WINDOWS\system32\spupdsvc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b1124e.qua'!
 E:\WINDOWS\system32\svchust.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1257.qua'!
 E:\WINDOWS\system32\telnet.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a81247.qua'!
 E:\WINDOWS\system32\temp_112.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a91248.qua'!
 E:\WINDOWS\system32\temp_15.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a91249.qua'!
 E:\WINDOWS\system32\temp_47.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a9124a.qua'!
 E:\WINDOWS\system32\tscupgrd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1259.qua'!
 E:\WINDOWS\system32\tzchange.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1260.qua'!
 E:\WINDOWS\system32\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931235.qua'!
 E:\WINDOWS\system32\url2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a8125b.qua'!
 E:\WINDOWS\system32\url3.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48a8125c.qua'!
 E:\WINDOWS\system32\url4.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c41685.qua'!
 E:\WINDOWS\system32\url5.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48a8125e.qua'!
 E:\WINDOWS\system32\userinit.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a1125e.qua'!
 E:\WINDOWS\system32\uwdf.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01263.qua'!
 E:\WINDOWS\system32\vistaA.exe

[DETECTION] Is the Trojan horse TR/Dldr.Losabel.IC

[NOTE]      The file was moved to '48af1256.qua'!
 E:\WINDOWS\system32\vlsta.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af125a.qua'!
 E:\WINDOWS\system32\wdfmgr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a21253.qua'!
 E:\WINDOWS\system32\winhelp1.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa1259.qua'!
 E:\WINDOWS\system32\winini.exe

[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen

[NOTE]      The file was moved to '48aa125a.qua'!
 E:\WINDOWS\system32\Winsp2.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48aa125c.qua'!
 E:\WINDOWS\system32\ydgn.dll
  [0] Archive type: RSRC
  --> Object

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[NOTE]      The file was moved to '48a3125d.qua'!

yangxiao
Posted on 27/05/2008 at 20:45:39
 
E:\WINDOWS\system32\zsms1check.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48a9126c.qua'!
 E:\WINDOWS\system32\zsmscheck080423.dll

[DETECTION] Is the Trojan horse TR/Agent.94720.H

[NOTE]      The file was moved to '49c516b5.qua'!
 E:\WINDOWS\system32\zsmscheck080423.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48a9126d.qua'!
 E:\WINDOWS\system32\zykjnlwsy16_080507.dll

[DETECTION] Is the Trojan horse TR/Spy.Pophot.avl.1

[NOTE]      The file was moved to '48a71274.qua'!
 E:\WINDOWS\system32\zywlaime.dll

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48b31274.qua'!
 E:\WINDOWS\system32\zywmdime.dll

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE]      The file was moved to '48b31275.qua'!
 E:\WINDOWS\system32\config\c719c36537a036d8562b6eac2243d93d\admin.exe

[DETECTION] Contains detection pattern of the dropper DR/Small.Dox.3

[NOTE]      The file was moved to '48a91265.qua'!
 E:\WINDOWS\system32\config\c719c36537a036d8562b6eac2243d93d\bin.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa126a.qua'!
 E:\WINDOWS\system32\config\c719c36537a036d8562b6eac2243d93d\huan.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1276.qua'!
 E:\WINDOWS\system32\config\systemprofile\vistaA.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af126b.qua'!
 E:\WINDOWS\system32\config\systemprofile\vlsta.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af126e.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01Y34567\da[1].js

[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Agent.ank

[NOTE]      The file was moved to '48971272.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01Y34567\news[1].htm

[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Harsole

[NOTE]      The file was moved to '48b3127e.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\b2[1].htm

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen

[NOTE]      The file was moved to '4897125a.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\news[1].htm

[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Harsole

[NOTE]      The file was moved to '48b31297.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8HYBSLER\cqnews.com[2].htm

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen

[NOTE]      The file was moved to '48aa12b2.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8HYBSLER\rl[1].js

[DETECTION] Contains detection pattern of the exploits EXP/RealPlay.AG

[NOTE]      The file was moved to '489712b4.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GZ4R6B4V\news[1].htm

[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Harsole

[NOTE]      The file was moved to '48b312ce.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KHYVK9IR\cqnews.com[1].htm

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen

[NOTE]      The file was moved to '48aa12e6.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KHYVK9IR\index[5].htm

[DETECTION] Contains suspicious code HEUR/HTML.Malware

[NOTE]      The fund was classified as suspicious.

[NOTE]      The file was moved to '48a012e5.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KHYVK9IR\yntouch[2].htm

[DETECTION] Contains suspicious code HEUR/HTML.Malware

[NOTE]      The fund was classified as suspicious.

[NOTE]      The file was moved to '48b012ee.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M56PU9SF\news[1].htm

[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Harsole

[NOTE]      The file was moved to '48b312f2.qua'!
 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YDSTYLW1\liuliang[1].htm

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen

[NOTE]      The file was moved to '48b11303.qua'!
 E:\WINDOWS\system32\config\systemprofile\「开始」菜单\程序\启动\dflljy.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE]      The file was moved to '48a81305.qua'!
 E:\WINDOWS\system32\dllcache\admin.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a91306.qua'!
 E:\WINDOWS\system32\dllcache\agentsvr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a1130a.qua'!
 E:\WINDOWS\system32\dllcache\author.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0131b.qua'!
 E:\WINDOWS\system32\dllcache\cfgwiz.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3130e.qua'!
 E:\WINDOWS\system32\dllcache\cintsetp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa1313.qua'!
 E:\WINDOWS\system32\dllcache\cplexe.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a8131c.qua'!
 E:\WINDOWS\system32\dllcache\explorer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac132b.qua'!
 E:\WINDOWS\system32\dllcache\fltmc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0131f.qua'!
 E:\WINDOWS\system32\dllcache\fpadmcgi.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1324.qua'!
 E:\WINDOWS\system32\dllcache\fpcount.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1324.qua'!
 E:\WINDOWS\system32\dllcache\fpremadm.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1325.qua'!
 E:\WINDOWS\system32\dllcache\hh.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486a1320.qua'!
 E:\WINDOWS\system32\dllcache\iedw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01320.qua'!
 E:\WINDOWS\system32\dllcache\imekrmig.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a11329.qua'!
 E:\WINDOWS\system32\dllcache\imepadsv.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a1132a.qua'!
 E:\WINDOWS\system32\dllcache\imjpdadm.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6132a.qua'!
 E:\WINDOWS\system32\dllcache\imjpdct.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cb1f53.qua'!
 E:\WINDOWS\system32\dllcache\imjpdsvr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6132b.qua'!
 E:\WINDOWS\system32\dllcache\imjpinst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cb1f54.qua'!
 E:\WINDOWS\system32\dllcache\imjpmig.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6132c.qua'!
 E:\WINDOWS\system32\dllcache\imjprw.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49cb1f55.qua'!
 E:\WINDOWS\system32\dllcache\imjpuex.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6132d.qua'!
 E:\WINDOWS\system32\dllcache\imjputy.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a6132e.qua'!
 E:\WINDOWS\system32\dllcache\imkrinst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7132e.qua'!
 E:\WINDOWS\system32\dllcache\logagent.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a31335.qua'!
 E:\WINDOWS\system32\dllcache\migrate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a31332.qua'!
 E:\WINDOWS\system32\dllcache\mstsc.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b01343.qua'!
 E:\WINDOWS\system32\dllcache\netsetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b01339.qua'!
 E:\WINDOWS\system32\dllcache\ntkrnlmp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a71349.qua'!
 E:\WINDOWS\system32\dllcache\ntkrnlpa.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7134a.qua'!
 E:\WINDOWS\system32\dllcache\ntkrpamp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a7134b.qua'!
 E:\WINDOWS\system32\dllcache\ntoskrnl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab134d.qua'!
 E:\WINDOWS\system32\dllcache\setup_wm.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b01347.qua'!
 E:\WINDOWS\system32\dllcache\shtml.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0134a.qua'!
 E:\WINDOWS\system32\dllcache\spiisupd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a51356.qua'!
 E:\WINDOWS\system32\dllcache\tcptest.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac134c.qua'!
 E:\WINDOWS\system32\dllcache\telnet.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a8134f.qua'!
 E:\WINDOWS\system32\dllcache\tintlphr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa1354.qua'!
 E:\WINDOWS\system32\dllcache\tintsetp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c71f2d.qua'!
 E:\WINDOWS\system32\dllcache\tscupgrd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f135f.qua'!
 E:\WINDOWS\system32\dllcache\unregmp2.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae135c.qua'!
 E:\WINDOWS\system32\dllcache\wmplayer.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac1362.qua'!
 E:\WINDOWS\system32\dllcache\wuauclt.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d136d.qua'!
 E:\WINDOWS\system32\drivers\2yib.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[NOTE]      The file was moved to '48a51372.qua'!
 E:\WINDOWS\system32\drivers\hapdrv.sys

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akt

[NOTE]      The file was moved to '48ac135c.qua'!
 E:\WINDOWS\system32\drivers\hwim.sys

[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.akh

[NOTE]      The file was moved to '48a51373.qua'!
 E:\WINDOWS\system32\drivers\msosmsp2p32.sys

[DETECTION] Is the Trojan horse TR/PSW.Online.ddo

[NOTE]      The file was moved to '48ab1370.qua'!
 E:\WINDOWS\system32\IME\CINTLGNT\CINTSETP.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488a134b.qua'!
 E:\WINDOWS\system32\IME\TINTLGNT\TINTLPHR.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488a134c.qua'!
 E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488a134d.qua'!
 E:\WINDOWS\system32\IME\unispim\IESearch_sitezgdg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f1349.qua'!
 E:\WINDOWS\system32\IME\unispim\instupim.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af1373.qua'!
 E:\WINDOWS\system32\IME\unispim\wlbackup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489e1372.qua'!
 E:\WINDOWS\system32\IME\unispim\wlmerge.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a91373.qua'!
 E:\WINDOWS\system32\inf\scrszyys16_080427.dll

[DETECTION] Is the Trojan horse TR/Spy.Pophot.asd.1

[NOTE]      The file was moved to '48ae136a.qua'!
 E:\WINDOWS\system32\inf\zykjnscrsyszy080507.scr

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs

[NOTE]      The file was moved to '48a71380.qua'!
 E:\WINDOWS\system32\inf\zykjnscrszyys16_080507.dll

[DETECTION] Is the Trojan horse TR/Spy.Pophot.avl.1

[NOTE]      The file was moved to '48a71381.qua'!
 E:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1376.qua'!
 E:\WINDOWS\system32\Macromed\Flash\GetFlash.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0136f.qua'!
 E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f135b.qua'!
 E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a51379.qua'!
 E:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020022.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48841383.qua'!
 E:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48851383.qua'!
 E:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4893135b.qua'!
 E:\WINDOWS\system32\oobe\jvgcvfbiye.dll

[DETECTION] Is the Trojan horse TR/Dldr.Delphi.Gen

[NOTE]      The file was moved to '48a31385.qua'!
 E:\WINDOWS\Tasks\0x01xx8p.exe

[DETECTION] Contains detection pattern of the worm WORM/Otwycal.I

[NOTE]      The file was moved to '486c1391.qua'!
 E:\WINDOWS\TEMP\ICD1.tmp\FP_AX_CAB_INSTALLER.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489b1369.qua'!
 Begin scan in 'F:\' <软件>
 F:\77jinting\ttp460.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac1393.qua'!
 F:\a-squared Free\a2cmd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1352.qua'!
 F:\a-squared Free\a2free.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a21352.qua'!
 F:\a-squared Free\a2upd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b11353.qua'!
 F:\a-squared Free\unins000.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a51390.qua'!
 F:\btcomet\BitComet_0.60_setup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0138f.qua'!
 F:\btcomet\BitComet\codec\CodecCheck.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a01396.qua'!
 F:\CCleaner\CCleaner.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a8136c.qua'!
 F:\CCleaner\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a51398.qua'!
 F:\dubq\db05is.31.9106.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486c138d.qua'!
 F:\dubq\db_is_050923.821.0.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489b138f.qua'!
 F:\Program Files\Spybot - Search & Destroy\blindman.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5139b.qua'!
 F:\Program Files\Spybot - Search & Destroy\SDDelFile.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48801375.qua'!
 F:\Program Files\Spybot - Search & Destroy\SDMain.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48891376.qua'!
 F:\Program Files\Spybot - Search & Destroy\SDShred.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f1376.qua'!
 F:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931376.qua'!
 F:\Program Files\Spybot - Search & Destroy\unins000.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a513a1.qua'!
 F:\Program Files\Spybot - Search & Destroy\Update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a013a5.qua'!
 F:\QQGAME\Accel.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f139d.qua'!
 F:\QQGAME\QQGame.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4883138c.qua'!
 F:\QQGAME\QQGameDl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4883138d.qua'!
 F:\QQGAME\Uninstall.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a513aa.qua'!
 F:\QQGAME\CChess\CChess.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a41380.qua'!
 F:\QQGAME\CChess\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4893138c.qua'!
 F:\QQGAME\Chess\QQChess.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '487f1391.qua'!
 F:\QQGAME\ChnChess\ChnChess.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa13ac.qua'!
 F:\QQGAME\ChnChess\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931393.qua'!
 F:\QQGAME\CrazySK\CrazySK.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d13bc.qua'!
 F:\QQGAME\CrazySK\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931398.qua'!
 F:\QQGAME\Download\QQTang2.2Be​ta0114.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489013a6.qua'!
 F:\QQGAME\MjRPG\mjrpg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae13e5.qua'!
 F:\QQGAME\Money\Config.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa13eb.qua'!
 F:\QQGAME\Money\MoneyClient.ex​e

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa13ec.qua'!
 F:\QQGAME\Money\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489313cb.qua'!
 F:\QQGAME\paopaolong\paopaolon​g.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab13e0.qua'!
 F:\QQGAME\paopaolong\UNWISE.EX​E

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489313ce.qua'!
 F:\QQGAME\PocketRPG\PocketRPG.​exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f13f0.qua'!
 F:\QQGAME\PocketRPG\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489313cf.qua'!
 F:\QQGAME\TongHuaShun\TongHuaS​hun.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa1407.qua'!
 F:\QQGAME\TongHuaShun\UNWISE.E​XE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489313e6.qua'!
 F:\QQGAME\Update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a0140a.qua'!
 F:\real\RealOnePlayerV2GOLD_cn​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1401.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P335\A0281477.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13cc.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282483.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13cd.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282484.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fb6.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282485.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13cf.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282486.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13ce.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282487.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fb7.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282488.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa8.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282489.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13d0.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282490.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13d1.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282491.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031faa.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282492.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13d3.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282493.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fac.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282494.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13d7.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282495.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa0.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282496.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13d9.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282497.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13d8.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282498.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa1.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282499.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa2.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282500.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13da.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282501.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa3.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282502.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13db.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282503.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa4.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282504.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13dd.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282505.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa6.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282506.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13dc.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282507.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa5.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282508.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13de.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282509.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa7.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282510.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031fa9.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282511.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13df.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282512.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f98.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282513.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13e1.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282514.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f9a.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282515.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13e0.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282516.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f99.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282517.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13e2.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282518.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f9b.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282519.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13e3.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282520.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f9c.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282521.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13e4.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282522.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f9d.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282523.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e13e5.qua'!
 F:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282524.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031f9e.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100717.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13e4.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100718.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13e5.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100719.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13e6.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100720.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f9f.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100721.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13d8.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100722.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13e7.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100723.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13e8.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100724.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13e9.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100725.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f92.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100726.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13ea.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100727.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13eb.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100728.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f1.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100729.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f8a.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100730.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f2.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100731.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f8b.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100732.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f3.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100733.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f4.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100734.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f5.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100735.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f8e.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100736.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f7.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100737.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f6.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100738.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f8f.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100739.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f91.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100740.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f80.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100741.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f9.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100742.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f82.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100743.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13f8.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100744.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13fb.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100745.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f84.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100746.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13fa.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100747.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f83.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100748.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13fc.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100749.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13fd.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100750.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f86.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100751.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13ff.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100752.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001878.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100753.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f85.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100754.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1401.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100755.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4900187a.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100756.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d13fe.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100757.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001f87.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100758.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1403.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100760.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE]      The file was moved to '4900187c.qua'!
 F:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100761.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE]      The file was moved to '486d1400.qua'!
 F:\System Volume Information\_restore{D42C6979-​8923-4E74-AB89-3F8DFE05165C}\R​P548\A0218973.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1405.qua'!
 F:\System Volume Information\_restore{D42C6979-​8923-4E74-AB89-3F8DFE05165C}\R​P548\A0218974.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1406.qua'!
 F:\System Volume Information\_restore{D42C6979-​8923-4E74-AB89-3F8DFE05165C}\R​P548\A0218980.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4903187f.qua'!
 F:\ziguang\IME_CleanUp_07.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48811426.qua'!
 F:\ziguang\Unispim_40m3.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a51448.qua'!
 F:\zimagicset671.exe\magicset6​71.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a3143e.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\antivir_workstation_winu​_en_h.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b0144d.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\popogame-2.0.29746.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ac144f.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\richman_setup_1.0.22.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f144d.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\spybotsd152.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b51460.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Accel.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f1454.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Install_WLMesseng​er.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af1460.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\QQGame.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48831447.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\QQGameDl.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48831448.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\sanguobaye.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48aa1458.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Uninstall.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5146a.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\CChess\CChess.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a4143f.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\CChess\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4893144b.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Crazyddz\Crazyddz​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1474.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\DdzRpg\ddzrpg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b61469.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Download\QQGame20​08Beta1_setup.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4883145d.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Download\QQTang2.​2Beta0114.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48901464.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\hpmj\hpmj.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a9148a.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\hpmj\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931469.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\MiniQQTang\Client​.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5148d.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\MiniQQTang\QQTTra​ns.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48901473.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\MiniQQTang\UNWISE​.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931470.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\MjRPG\mjrpg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1492.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\paopaolong\paopao​long.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab148e.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\paopaolong\UNWISE​.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4893147c.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\PocketRPG\PocketR​PG.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489f149e.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\PocketRPG\UNWISE.​EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4893147e.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\SkRpg\skrpg.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae14a6.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\SkRpg\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931489.qua'!
 F:\&#27873;&#27873;&#28216;&#2​5103;\QQGAME\Update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a014ac.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\BNUpdate.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4891148b.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\Frozen Throne.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab14af.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\mpqadd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ad14ae.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\qqr2_v1.0.1.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[WARNING]   An error has occurred and the file was not deleted. ErrorID: 26001

[WARNING]  
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\RegSetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a31539.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\UNWISE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48931522.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\Warcraft III.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1536.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\World Editor.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1545.qua'!
 F:\&#28216;&#25103;wc3\WC3\&#2​8216;&#25103;\worldedit.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49c3193e.qua'!
 F:\&#33073;&#20820;&#19979;&#3​6733;\Coopen\Coopen.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ab1550.qua'!
 F:\&#33073;&#20820;&#19979;&#3​6733;\Coopen\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a51550.qua'!
 Begin scan in 'G:\' <&#30005;&#24433;>
 G:\PC&#29256;&#28779;&#24433;&​#24525;&#32773;&#30340;&#28216​;&#25103;&#65292;&#32477;&#235​45;&#20540;&#24471;&#29645;&#3​4255;&#12290;\NewsBarSetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b3154b.qua'!
 G:\PC&#29256;&#28779;&#24433;&​#24525;&#32773;&#30340;&#28216​;&#25103;&#65292;&#32477;&#235​45;&#20540;&#24471;&#29645;&#3​4255;&#12290;\SCWU\SCWU.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4893152d.qua'!
 G:\PPStream\PPSAP.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '488f153b.qua'!
 G:\PPStream\PPStream.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49e5e804.qua'!
 G:\PPStream\ppstreamsetup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48af155c.qua'!
 G:\PPStream\uninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a5155b.qua'!
 G:\SXS\fixrjb.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b41558.qua'!
 G:\SXS\GameHall.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a91551.qua'!
 G:\SXS\realjbox.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1556.qua'!
 G:\SXS\realplay.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1559.qua'!
 G:\SXS\rphelperapp.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48a41564.qua'!
 G:\SXS\TTraveler.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48ae1549.qua'!
 G:\SXS\Plugins\SnapShot\SnapSh​ot.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '489d1567.qua'!
 G:\SXS\Setup\setup.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '48b01562.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282567.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e152e.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282568.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031957.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282569.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1520.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282570.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e152f.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282571.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031948.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282572.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1531.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282573.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1530.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282574.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49031949.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282575.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4903194a.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282576.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1533.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282577.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4903194c.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282578.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1532.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282579.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486e1535.qua'!
 G:\System Volume Information\_restore{026C115B-​942D-4802-8FCA-040D5BA73500}\R​P336\A0282580.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4903194e.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100803.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1533.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100804.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4900194c.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100805.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1534.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100806.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '4900194d.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100807.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1535.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100808.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1536.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100809.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1537.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100810.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001940.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100811.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1538.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100812.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001941.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100813.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d153a.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100814.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '49001943.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100815.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d1539.qua'!
 G:\System Volume Information\_restore{B63028ED-​292B-4683-B20F-278926F358DF}\R​P217\A0100817.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Vimes.A

[NOTE]      The file was moved to '486d153c.qua'!


 End of the scan: mardi 27 mai 2008  16:05
 Used time: 45:28 min

 The scan has been done completely.

7066 Scanning directories
 197496 Files were scanned

1504 viruses and/or unwanted programs were found

6 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1479 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned
 195992 Files not concerned

1245 Archives were scanned

3 Warnings

1479 Notes

merillym
Regular (5,000 to 9,999 messages posted)
Posted on 27/05/2008 at 22:14:18

Run a new scan with ComboFix and post me the report ;)

yangxiao
Occasionally present (50 to 99 messages posted)
Posted on 27/05/2008 at 22:54:55

Here is the new ComboFix report

 ComboFix 08-05-27.3 - user 2008-05-27 23:33:24.2 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.936.1.2052.18.301 [GMT 2:00]
 執行位置: C:\Documents and Settings\user\桌面\ComboFix.exe

 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .

 ((((((((((((((((((((((((((((((​((((((((   &#20854;&#20182;&#36973;&#2103​4;&#38500;&#30340;&#27284;&#26​696;   ))))))))))))))))))))))))))))))​))))))))))))))))))))
 .

 C:\Documents and Settings\LocalService\Favorites\链接
 C:\Documents and Settings\user\Favorites\链接
 C:\WINDOWS\pwisys.ini
 C:\WINDOWS\system32\inf\svchos​ts.exe
 C:\WINDOWS\Tasks\SysFile.brk

 .
 ((((((((((((((((((((((((((((((​(((((((((   Drivers/Services   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .

 -------\Legacy_KERNEL32
 -------\Legacy_MFC42
 -------\Legacy_NESSERY
 -------\Legacy_RESSDT
 -------\Legacy_WINDOWS_0
 -------\Legacy_WININI
 -------\Legacy_ZZZ
 -------\Service_kernel32
 -------\Service_mfc42
 -------\Service_Nessery
 -------\Service_RESSDT
 -------\Service_windows_0
 -------\Service_WinINI


 ((((((((((((((((((((((((((((   2008-04-27 - 2008-05-27 之間建立的檔案  )))))))))))))))))))))))))))))))))
 .

 2008-05-27 18:45 . 2004-08-05 14:00 25,088 --a------ C:\WINDOWS\system32\userinit.e​xe
 2008-05-26 03:04 . 2006-02-14 16:02 32,768 --a------ C:\WINDOWS\system32\drivers\si​snicxp.sys
 2008-05-25 12:47 . 2008-05-25 12:47 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
 2008-05-25 12:29 . 1982-05-25 15:58 <DIR> d-------- C:\Program Files\Inventel
 2008-05-25 00:58 . 2008-05-20 23:38 4,224 --a------ C:\WINDOWS\system32\drivers\be​ep.sys
 2008-05-25 00:58 . 2008-05-20 23:38 4,224 --a--c--- C:\WINDOWS\system32\dllcache\b​eep.sys
 2008-05-24 17:31 . 2008-05-24 17:48 266 --a------ C:\WINDOWS\system32\mywehit.in​i.tmp
 2008-05-24 15:39 . 2008-05-24 15:39 <DIR> d-------- C:\Program Files\Trend Micro
 2008-05-24 15:26 . 2008-05-24 15:26 2,816 --a------ C:\NPOCTBAmAtecj.sys
 2008-05-24 14:30 . 2008-05-24 14:30 <DIR> d-------- C:\Deckard
 2008-05-24 13:47 . 2008-05-24 17:50 13,695 --a------ C:\WINDOWS\system32\myiecfg.in​i.tmp
 2008-05-23 14:39 . 2008-05-23 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
 2008-05-23 13:57 . 2008-05-23 13:57 <DIR> d-------- C:\My Music
 2008-05-23 13:53 . 2008-05-23 13:53 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.O​CX
 2008-05-23 13:52 . 2008-05-23 13:52 44,544 --a------ C:\WINDOWS\system32\drivers\lc​pjpi.sys
 2008-05-23 13:17 . 2008-05-23 13:17 <DIR> d-------- C:\Program Files\Avira
 2008-05-23 13:17 . 2008-05-23 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
 2008-05-23 13:01 . 2006-04-15 02:00 470,528 --a------ C:\WINDOWS\system32\tmpcj1.exe
 2008-05-23 12:57 . 2008-05-23 12:57 89,088 --a------ C:\WINDOWS\newie.exe
 2008-05-20 23:36 . 2008-05-20 23:36 2,816 --a------ C:\flYIQMNvyqH.sys
 2008-05-09 18:39 . 1982-05-26 11:52 121 --a------ C:\time.bat
 2008-05-09 18:16 . 2006-04-15 02:00 470,528 --a------ C:\WINDOWS\system32\tmpzhqbdf1​.exe
 2008-05-09 15:25 . 2008-05-09 15:25 268 --ah----- C:\sqmdata07.sqm
 2008-05-09 15:25 . 2008-05-09 15:25 244 --ah----- C:\sqmnoopt07.sqm
 2008-05-08 21:24 . 2008-05-08 21:24 362 --a------ C:\WINDOWS\zykjn16.ini
 2008-05-08 20:15 . 2008-05-23 14:03 404 --a------ C:\WINDOWS\system32\WAFKPTXBGK​PT.LDO
 2008-05-08 20:08 . 2006-04-15 02:00 470,528 --a------ C:\WINDOWS\system32\tmpcj2.exe
 2008-05-08 20:04 . 2008-05-24 16:55 263 --a------ C:\WINDOWS\system32\myiecfg.in​i
 2008-05-08 19:58 . 2008-05-23 13:54 1,307 --a------ C:\WINDOWS\system32\g001F0yg8.​dll
 2008-05-08 19:56 . 2008-05-08 19:59 233 --a------ C:\WINDOWS\ie.ini
 2008-05-08 19:50 . 1982-05-26 11:52 24 --a------ C:\WINDOWS\system32\pzwmaime.s​ys
 2008-05-08 19:50 . 1982-05-26 11:52 24 --a------ C:\WINDOWS\system32\pzwlaime.s​ys
 2008-05-08 19:46 . 2008-05-08 19:46 256 --a------ C:\WINDOWS\system32\msosfmsq.d​at
 2008-05-08 18:01 . 2008-05-08 18:01 268 --ah----- C:\sqmdata06.sqm
 2008-05-08 18:01 . 2008-05-08 18:01 244 --ah----- C:\sqmnoopt06.sqm
 2008-05-07 22:40 . 2008-05-07 22:40 268 --ah----- C:\sqmdata05.sqm
 2008-05-07 22:40 . 2008-05-07 22:40 244 --ah----- C:\sqmnoopt05.sqm
 2008-05-03 23:07 . 2008-05-03 23:07 268 --ah----- C:\sqmdata04.sqm
 2008-05-03 23:07 . 2008-05-03 23:07 244 --ah----- C:\sqmnoopt04.sqm
 2008-05-03 22:52 . 2008-05-03 22:52 268 --ah----- C:\sqmdata03.sqm
 2008-05-03 22:52 . 2008-05-03 22:52 244 --ah----- C:\sqmnoopt03.sqm
 2008-04-30 17:56 . 2008-05-09 17:28 11 --a------ C:\WINDOWS\win32.btl
 2008-04-30 17:07 . 2008-04-30 17:07 268 --ah----- C:\sqmdata02.sqm
 2008-04-30 17:07 . 2008-04-30 17:07 244 --ah----- C:\sqmnoopt02.sqm
 2008-04-29 22:00 . 2008-04-29 22:00 268 --ah----- C:\sqmdata01.sqm
 2008-04-29 22:00 . 2008-04-29 22:00 244 --ah----- C:\sqmnoopt01.sqm
 2008-04-29 21:53 . 2008-04-29 21:53 268 --ah----- C:\sqmdata00.sqm
 2008-04-29 21:53 . 2008-04-29 21:53 244 --ah----- C:\sqmnoopt00.sqm
 2008-04-28 13:42 . 2008-05-24 17:47 164 --a------ C:\WINDOWS\system32\mywehit.in​i
 2008-04-28 13:26 . 2008-05-27 23:33 <DIR> d-------- C:\WINDOWS\system32\inf
 2008-04-28 13:26 . 2008-04-28 13:26 366 --a------ C:\WINDOWS\zuoyu16.ini
 2008-04-28 12:48 . 1982-05-26 11:52 291 --a------ C:\WINDOWS\cc16.ini
 2008-04-28 12:47 . 1982-05-26 11:52 92 --a------ C:\WINDOWS\system32\systemInfo​mations.ini

 .
 ((((((((((((((((((((((((((((((​((((((   &#36817;&#19977;&#20491;&#2637​6;&#20839;&#26356;&#21205;&#30​340;&#27284;&#26696;   ))))))))))))))))))))))))))))))​)))))))))))))))))
 .
 2008-05-27 13:38 --------- d-----w C:\Program Files\TTPlayer
 2008-05-27 13:36 --------- d-----w C:\Program Files\SogouInput
 2008-05-27 13:35 --------- d-----w C:\Program Files\Microsoft Silverlight
 2008-05-27 13:35 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
 2008-05-27 13:35 --------- d-----w C:\Program Files\EbayShop
 2008-05-27 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Storm
 2008-05-09 20:35 --------- d-----w C:\Program Files\Tencent
 2008-05-05 18:46 27,048 ----a-w C:\WINDOWS\system32\drivers\mb​amcatchme.sys
 2008-05-05 18:46 15,864 ----a-w C:\WINDOWS\system32\drivers\mb​am.sys
 2008-04-25 12:20 41,984 ----a-w C:\WINDOWS\system32\drivers\Ad​Prot.sys
 2008-04-25 12:17 --------- d-----w C:\Documents and Settings\user\Application Data\Tencent
 2008-04-25 12:17 --------- d-----w C:\Documents and Settings\LocalService\Applicat​ion Data\TENCENT
 2008-04-24 15:09 --------- d-----w C:\Documents and Settings\user\Application Data\QQDoctor
 2008-04-22 10:50 --------- d-----w C:\Documents and Settings\user\Application Data\BITS
 2008-04-18 21:58 --------- d-----w C:\Documents and Settings\user\Application Data\Sierra
 2008-04-18 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.D​LL
 1982-05-26 09:52 1,378 ----a-w C:\Program Files\key.txt
 2004-08-08 13:34 1,040 --sh--w C:\WINDOWS\system32\fxwmbime.s​ys
 .

 ------- Sigcheck -------

 .
 ((((((((((((((((((((((((((((((​((((((((((((   &#37325;&#35201;&#30331;&#3763​6;&#27284;   ))))))))))))))))))))))))))))))​)))))))))))))))))))))))
 .
 .
 REGEDIT4
 *注意* 空白或合法的登錄值將不會顯示.

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-12C9-4305-82F9-43058F20E8D2}]
 2008-03-13 06:50 255296 --a------ C:\Program Files\Tencent\QQDownload\QQIEH​elper02.dll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10FDCE1E-C36A-474E-808E-248C51693DB7}]
    C:\WINDOWS\system32\Nessery.dl​l

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{170165F1-9F65-569F-F895-F14F58F41071}]
    C:\WINDOWS\system32\lofsajbo.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17A924AF-1A5F-CF21-AB1D-1D5CF82A8A71}]
    C:\WINDOWS\system32\zywlaime.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{192C0424-8358-4EB4-B62D-F91821BC0745}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AB1F65A-964F-4AE7-B254-05146A0E602E}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{328DF602-9541-A985-210A-984A698C6F23}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37FD640A-158F-48AC-FD14-1597F14A9773}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4319A1F1-9410-9654-3201-345FFA349134}]
    C:\WINDOWS\system32\zywmdime.d​ll

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A041F13-A111-12A3-B0CF-F99818AA68A4}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A59145F-315D-BC23-AC1F-145DF81A34A5}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669751ED-D558-49AE-B01A-3B374CC7910E}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F76F60B-FF04-4E59-8C6B-B9B53B6EA368}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB3412B6-6D67-4650-B3B4-C2A90191A80F}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCEAF8AB-7DC0-4E09-8E8D-163C1024E04B}]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\ctfmon.exe" [2006-04-15 02:00 15360]
 "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "KavStart"="C:\KAV2006\KAVStar​t.exe" [ ]
 "CnsM.dll"="C:\PROGRA~1\3721\C​nsM.dll" [ ]
 "helper.dll"="C:\PROGRA~1\3721​\helper.dll" [ ]
 "CnsMin"="C:\WINDOWS\DOWNLO~1\​CnsMin.dll" [ ]
 "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched​.exe" [ ]
 "TuoTu"="C:\Program Files\Tuotu\Tuotu.exe" [ ]
 "stup.exe"="C:\PROGRA~1\TENCEN​T\SSPlus\SPlus.dll" [2007-06-13 09:59 159744]
 "TBMExe"="C:\WINDOWS\Fonts\73f​d1ecc0e85c55597ca6a0ae0dbd951\​system\svchost.exe" [ ]
 "fmsjhif"="C:\WINDOWS\fmsjhif.​exe" [ ]
 "fmsbbqi"="C:\WINDOWS\fmsbbqi.​exe" [ ]
 "dionpis"="C:\WINDOWS\dionpis.​exe" [ ]
 "bincdwsa"="C:\WINDOWS\bincdws​a.exe" [ ]
 "xpngipwm"="C:\WINDOWS\pgpmxxv​d.exe" [ ]
 "huifitc"="C:\WINDOWS\huifitc.​exe" [ ]
 "mfchlp64"="C:\WINDOWS\mfchlp6​4.exe" [ ]
 "fiosectc"="C:\WINDOWS\fiosect​c.exe" [ ]
 "ticisms"="C:\WINDOWS\ticisms.​exe" [ ]
 "tciocp32"="C:\WINDOWS\tciocp3​2.exe" [ ]
 "LoveHebe"="C:\WINDOWS\system3​2\vistaA.exe" [ ]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\RunOnce]
 "52pgnw8k"="C:\WINDOWS\system3​2\ %systemroot%\system32\52pgnw8k​.dll" [ ]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\CTFMON.EXE" [2006-04-15 02:00 15360]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\RunOnce]
 "FlashPlayerUpdate"="C:\WINDOW​S\system32\Macromed\Flash\GetF​lash.exe" [ ]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\policies\explorer\run]
 "myccgj"= rundll32.exe C:\WINDOWS\system32\mycc080302​.dll mymain
 "zhqb_df"= rundll32.exe C:\WINDOWS\system\zhqbdf080427​.dll zhqb16
 "ccwl"= rundll32.exe C:\WINDOWS\system32\ccwld16_08​0426.dll ccwl16
 "cchh"= rundll32.exe C:\WINDOWS\system32\mywcc08050​1.dll bgdll
 "zsmstc"= rundll32.exe C:\WINDOWS\system32\mxcdcsrv16​_080417.dll start

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​policies\explorer\run]
 "zsms_check"= rundll32.exe C:\WINDOWS\system32\zsmscheck0​80423.dll ccwljk16

 [hkey_local_machine\software\mi​crosoft\windows\currentversion​\explorer\shellexecutehooks]
 "{170165F1-9F65-569F-F895-F14F​58F41071}"= C:\WINDOWS\system32\lofsajbo.d​ll [ ]
 "{4319A1F1-9410-9654-3201-345F​FA349134}"= C:\WINDOWS\system32\zywmdime.d​ll [ ]
 "{17A924AF-1A5F-CF21-AB1D-1D5C​F82A8A71}"= C:\WINDOWS\system32\zywlaime.d​ll [ ]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "vidc.xivd"= C:\Program Files\StormII\codec\xvidvfw.dl​l

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\360rpt.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\360Safe.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\360tray.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\adam.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\auto.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AutoRun.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\autoruns.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\avp.com]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\avp.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\CCenter.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\cross.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\enc98.EXE]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\FileDsty.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\guangd.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\HijackThis.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\IceSword.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\iparmo.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\Iparmor.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\kabaload.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KASMain.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KASTask.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAV32.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVDX.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KAVStart.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KMailMon.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KMFilter.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KPFW32.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KPFWSvc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KRegEx.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KRepair.COM]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KsLoader.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KVCenter.kxp]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KvDetect.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\kvol.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\kvolself.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KvReport.kxp]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KVStub.kxp]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\kvupload.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KVwsc.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KvXP.kxp]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KWatch.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\KWatchX.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\loaddll.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\MagicSet.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\mcconsol.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\mmqczj.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\mmsk.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\nod32kui.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\PFW.EXE]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\QHSET.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\QQDoctor.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\image file execution options\Ras.exe]
 Debugger=C:\WINDOWS\system32\s​vchost.exe

 [HKEY_LOCAL_