Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.02.15.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 :: KILLERVIRUSFR [administrator] 15/02/2014 15:43:39 mbar-log-2014-02-15 (15-43-39).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 194383 Time elapsed: 2 minute(s), 43 second(s) Memory Processes Detected: 7 C:\WINDOWS\system32\MSDCSC\msdcsc.exe (Backdoor.Agent.DCRSAGen) -> 744 -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe (Trojan.Agent.Gen) -> 1108 -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\intrnet.exe (Trojan.MSIL) -> 1236 -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Trojan.exe (Backdoor.Agent.TRJ) -> 1244 -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe (Trojan.MSIL.UL) -> 3868 -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\server.exe (Trojan.MSIL) -> 3948 -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Svchost.exe (Trojan.MSIL) -> 3964 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCU\SOFTWARE\DC3_FEXEC (Malware.Trace) -> Delete on reboot. HKCU\SOFTWARE\FAKEMESSAGE (Malware.Trace) -> Delete on reboot. HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID (Malware.Trace) -> Delete on reboot. Registry Values Detected: 32 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MicroUpdate (Backdoor.Agent.DCRSAGen) -> Data: C:\WINDOWS\system32\MSDCSC\msdcsc.exe -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VanToM (Trojan.Agent.Gen) -> Data: C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|f7a74ce8d62a827374f896562655303d (Trojan.MSIL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" .. -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|f7a74ce8d62a827374f896562655303d (Trojan.MSIL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\intrnet.exe" .. -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Backdoor.Agent.TRJ) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Backdoor.Agent.TRJ) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|loh (Backdoor.Agent.DCRSAGen) -> Data: C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|33a02ce3a6dc322bc7e588c3c6d40f38 (Trojan.MSIL.UL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" .. -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|33a02ce3a6dc322bc7e588c3c6d40f38 (Trojan.MSIL.UL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" .. -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|378d21732268e1971ca57e15bd4a5ad9 (Trojan.MSIL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" .. -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|378d21732268e1971ca57e15bd4a5ad9 (Trojan.MSIL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" .. -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|b6b14442eb327de390e5ed1e983e5ab0 (Trojan.MSIL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" .. -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|b6b14442eb327de390e5ed1e983e5ab0 (Trojan.MSIL) -> Data: "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" .. -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.XTRat) -> Data: C:\WINDOWS\WIN 7\HACKO.exe -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|svchost (Backdoor.XTRat) -> Data: C:\WINDOWS\WIN 7\HACKO.exe -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost (Backdoor.XTRat) -> Data: C:\WINDOWS\WIN 7\HACKO.exe -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.XTRat) -> Data: C:\WINDOWS\WIN 7\HACKO.exe -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|svchost (Backdoor.XTRat) -> Data: C:\WINDOWS\WIN 7\HACKO.exe -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svchost (Backdoor.XTRat) -> Data: C:\WINDOWS\WIN 7\HACKO.exe -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|asaba3tsh (Worm.Autorun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Kydixirina (Trojan.Neurevt.FakeFB) -> Data: "C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe" -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|+obOwJbRAzd34AXM (Trojan.Kryptik) -> Data: "C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe" -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ipaxp (Spyware.ZeuS) -> Data: "C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe" -> Delete on reboot. HKCU\SOFTWARE\FAKEMESSAGE|FakeMessage (Malware.Trace) -> Data: OK -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|Facebook Update (Backdoor.Agent.DC) -> Data: %APPDATA%\Microsoft\update.exe -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|antaw4r19 (Worm.AutoRun.Gen) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|b1e1pr00 (Trojan.SpyEyes) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LoftWare (Malware.Trace.E) -> Data: -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Facebook Update (Backdoor.Agent.DC) -> Data: %APPDATA%\Microsoft\update.exe -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|4gr75b2k2 (Trojan.Agent.AIVB) -> Data: C:\DOCUME~1\KILLER~1\4gr75b2k2\54402.vbs -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe -> Delete on reboot. Registry Data Items Detected: 1 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Taskman (Worm.Autorun) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe) Good: () -> Replace on reboot. Folders Detected: 4 C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0 (Backdoor.Bot) -> Delete on reboot. C:\Program Files\Accessories\Common (Trojan.Logger) -> Delete on reboot. C:\Program Files\Accessories\Common\WC (Trojan.Logger) -> Delete on reboot. C:\{$6975-5712-2121-7619$} (Trojan.Agent.BCM) -> Delete on reboot. Files Detected: 142 C:\WINDOWS\system32\MSDCSC\msdcsc.exe (Backdoor.Agent.DCRSAGen) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe (Trojan.Agent.Gen) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\intrnet.exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Trojan.exe (Backdoor.Agent.TRJ) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\loh.exe (Backdoor.Agent.DCRSAGen) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe (Trojan.MSIL.UL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\server.exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Svchost.exe (Trojan.MSIL) -> Delete on reboot. C:\WINDOWS\WIN 7\HACKO.exe (Backdoor.XTRat) -> Delete on reboot. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe (Worm.Autorun) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe (Trojan.Neurevt.FakeFB) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe (Trojan.Kryptik) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe (Spyware.ZeuS) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\update.exe (Trojan.Agent.AI) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\33a02ce3a6dc322bc7e588c3c6d40f38.exe (Trojan.MSIL.UL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\378d21732268e1971ca57e15bd4a5ad9.exe (Trojan.MSIL.GenX) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe (Trojan.MSIL.GenX) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\b6b14442eb327de390e5ed1e983e5ab0.exe (Trojan.MSIL.GenX) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\2968 (Backdoor.Bot.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\HF.EXE (Trojan.VBAgent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\java.exe (Spyware.WinSpy) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\messenger.exe (Spyware.Password) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rdbms.exe (Spyware.Password) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\RDS.exe (Spyware.InfoStealer) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\windns.exe (Spyware.Password) -> Delete on reboot. C:\WINDOWS\svchost.com (Virus.Neshta) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\11111-GNP.Scr (Backdoor.Bot.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\64xbit.data (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\payment slip.exe (Backdoor.Agent.DC) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\anor-gpj.Scr (Backdoor.Bot.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\App-SEDEX-00573210002001.scr (Trojan.JavaBun) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\ASIS.exe (Worm.Autorun) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\automatic like.exe (Trojan.PWS.LDPinch) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\BlackGener.exe (Spyware.Password.Usteal) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Dex.exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Facebook-Hack-2014-NEW-!!.exe (Trojan.Agent.AI) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\ask.exe (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\hack-facebook-v1.0.exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\messi-gpj.Scr (Backdoor.Bot.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (5).scr (Trojan.CallH) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\favorite.exe (Backdoor.Agent.DC) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\fe9965ccbc6ed2349e654c0e6ea3a671.exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\GooD.txt.exe (Trojan.PWS.LDPinch) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Hot Video S.exe (Trojan.MSIL.Agent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\i'm not stiller.exe (Trojan.PWS.LDPinch) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\JLeGioH_Utils.exe (Trojan.PWS.LDPinch) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Mail.ru Private only hiden10050010032352354 By sven.txt.exe (Virus.Neshta) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\mal.exe (Trojan.Banker) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\result.exe (Trojan.PWS.LDPinch) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Server (2).exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Server.exe (Trojan.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Today News.exe (Trojan.MSIL.Agent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\two.exe (Backdoor.Agent.DC) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\update.exe (Trojan.Downloader.DF) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (1).cpl (Trojan.Banload) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (1).scr (Trojan.Dropper.SFX) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (12).exe (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (2).cpl (Trojan.Banker) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (2).scr (Backdoor.Bladabindi.MSIL) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (3).cpl (Trojan.Banload) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (3).scr (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (30).exe (Trojan.MSIL.CC) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (37).exe (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (4).scr (Spyware.ZeuS) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (6).exe (Trojan.Dropper.FKS) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\vir (7).exe (Trojan.Dropper.TST) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14\Windows 9.exe (Backdoor.Fynloski) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\Application DataDSWixtEyfn.exe (Trojan.Dropper.MST) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\Application DataKNkwtDUbRc.exe (Trojan.Dropper.MST) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\Application DataSJTJsWYQNt.PNG (Trojan.Dropper.MST) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\Application DataxAGuyctg_I.jpg (Trojan.Dropper.MST) -> Delete on reboot. C:\Program Files\VbNet\windns.exe (Trojan.InfoStealer) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\zipinfo.txt (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\inmsg.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\resu.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ass.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\delkl.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\dete.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\dunin.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\emdc.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\emfz.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\emfzb.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\emine.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\eminu.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\emon.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\emoo.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ftde.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ften.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ftin.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ftpa.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ftps.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ftsv.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\fttx.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ftus.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\inter.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\inuser.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\kp764.sys (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\kp786.sys (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\kpx.sys (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\mail.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\mailkl.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\mailsc.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\MSWINSCK.OCX (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ntfsv.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\oem.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\port.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\pwhost.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\refsdm.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rmdesk.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rvhost.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rvport.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rwce.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rwci.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\rwcs.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\scan.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\sccle.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\scday.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\scen.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\scint.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\scint2.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\scloc.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\seek.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\seekil.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\sid2.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ssap.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\type.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\unin.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\update.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\user.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\ushost.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Compress0\weben.dll (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Application Data\msconfig.ini (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\torjan.exe (Backdoor.Agent.TRJ) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\torjan.exe.tmp (Backdoor.Agent.TRJ) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Trojan.exe.tmp (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\1.exe (Trojan.Agent.Gen) -> Delete on reboot. C:\Documents and Settings\All Users\explorer.exe (Backdoor.Agent) -> Delete on reboot. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe (Worm.AutoRun.Gen) -> Delete on reboot. C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe (Trojan.SpyEyes) -> Delete on reboot. C:\Documents and Settings\Killer_VirusFr\4gr75b2k2\54402.vbs (Trojan.Agent.AIVB) -> Delete on reboot. C:\Program Files\Accessories\Common\desktop.ini (Trojan.Logger) -> Delete on reboot. C:\{$6975-5712-2121-7619$}\comhost.exe (Trojan.Agent.BCM) -> Delete on reboot. Physical Sectors Detected: 0 (No malicious items detected) (end)