
Avast gone - Online scan impossible - No sound anymore [Solved]

Tags:
  • Security
14 January 2010 21:51:05

Hello,

I'm at a loss on a friend's machine. He told me that avast had stopped working, which I noticed, but it is impossible to restart it or even to reinstall it, since the browser window that goes to the download closes by itself!
It is also impossible to run an online scan because, for example, Trend's Housecall utility does not start!
I think a big s.........e is preventing the anti-virus programs from working, but I admit that my skills are not enough to fix my friend's machine.
Oh, I also forgot that his webcam software says the webcam is already in use by another program, and that the sound no longer works.

Could someone help me, please?

Thanks a lot in advance

Configuration: Windows XP
IE 8


14 January 2010 22:01:28

Hello, if you try downloading it from another PC and transferring it with a USB stick, can you reinstall it? Because I don't really understand "the browser window that goes to the download closes by itself" :o

Do this to see whether there are any infections:

Download "RSIT" to the desktop
* Double-click it
(With VISTA > right-click and > Run as administrator)
* Leave "1 month"
* Click "Continue"
* At the end of the scan 2 reports are created: "log.txt" and "info.txt"
* Copy/paste both reports into your reply
** Note: the reports are also located at "C:\rsit\log.txt" and "C:\rsit\info.txt"
14 January 2010 22:13:55

Good evening

Actually, if I do a Google search for avast and click on the "download avast" link, the browser (IE 8) closes by itself!
Same thing when downloading hijackthis, as I have just tried!!
I tried several online scan sites, but the installation fails every time!
I'll try RSIT and post back


Thanks for your quick reply
14 January 2010 22:25:42

Here are the RSIT logs

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by JJ at 2010-01-14 22:16:46
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 276 GB (90%) free of 305 GB
Total RAM: 2047 MB (76% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{648E672C-265B-4A83-8463-00F9C02B66BD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2008-01-18 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-26 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2010-01-14 81000]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\JJ\Menu Démarrer\Programmes\Démarrage
Logitech . Enregistrement du produit.lnk - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Logitech\Logitech Vid\Vid.exe"="C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-14 22:16:47 ----D---- C:\Program Files\trend micro
2010-01-14 22:16:46 ----D---- C:\rsit
2010-01-14 22:05:30 ----D---- C:\WINDOWS\LastGood
2010-01-14 22:05:30 ----D---- C:\Program Files\AhnLab
2010-01-14 18:57:57 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-14 18:57:55 ----D---- C:\WINDOWS\LastGood.Tmp
2010-01-14 18:45:15 ----A---- C:\WINDOWS\ban_list.txt
2010-01-07 17:35:26 ----D---- C:\col4309
2010-01-07 15:41:38 ----D---- C:\Documents and Settings\JJ\Application Data\HouseCall 6.6
2010-01-07 15:41:37 ----D---- C:\WINDOWS\system32\HouseCall 6.6
2010-01-07 15:13:59 ----D---- C:\WINDOWS\pss
2010-01-05 18:06:39 ----A---- C:\WINDOWS\system32\ban_list.txt
2010-01-03 19:27:48 ----D---- C:\Program Files\Activision
2010-01-03 19:21:13 ----A---- C:\WINDOWS\game.ini
2010-01-02 15:51:33 ----D---- C:\Program Files\Microsoft
2010-01-02 15:51:06 ----D---- C:\Program Files\Windows Live
2010-01-02 14:19:33 ----D---- C:\Program Files\Logitech
2010-01-01 20:17:17 ----HD---- C:\Documents and Settings\JJ\Application Data\m
2010-01-01 20:11:06 ----HD---- C:\Documents and Settings\JJ\Application Data\drivers
2009-12-29 23:20:03 ----A---- C:\WINDOWS\system32\lvci12101110.dll
2009-12-26 23:17:15 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-12-25 20:09:07 ----D---- C:\Documents and Settings\JJ\Application Data\Leadertech
2009-12-25 20:08:40 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2009-12-25 20:08:40 ----A---- C:\WINDOWS\system32\LVUI2.dll
2009-12-25 20:08:40 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2009-12-25 20:08:13 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2009-12-25 20:08:13 ----A---- C:\WINDOWS\system32\lvci1201278.dll
2009-12-25 20:06:26 ----D---- C:\Program Files\Fichiers communs\LogiShrd
2009-12-25 20:06:26 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-12-25 20:02:28 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-25 12:27:22 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-25 12:27:21 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-12-25 11:10:58 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 11:10:58 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-12-25 11:10:57 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 11:10:57 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 11:10:57 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 11:10:56 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 11:10:56 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 11:10:55 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 11:10:55 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 11:10:53 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 11:10:53 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 11:10:53 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 11:10:50 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 11:10:44 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 11:10:43 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 11:10:42 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 11:10:41 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 10:57:39 ----SHD---- C:\WINDOWS\ftpcache
2009-12-22 22:56:11 ----A---- C:\WINDOWS\IsUn040c.exe
2009-12-21 23:02:00 ----A---- C:\Log.txt
2009-12-21 22:55:00 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-21 13:37:00 ----D---- C:\users
2009-12-19 18:56:32 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-12-19 18:56:31 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-12-19 16:01:01 ----D---- C:\Documents and Settings\JJ\Application Data\Help

======List of files/folders modified in the last 1 months======

2010-01-14 22:16:47 ----RD---- C:\Program Files
2010-01-14 22:16:46 ----D---- C:\WINDOWS\Prefetch
2010-01-14 22:08:25 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 22:08:22 ----D---- C:\WINDOWS
2010-01-14 22:07:26 ----D---- C:\WINDOWS\Temp
2010-01-14 22:06:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 22:05:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-14 22:05:30 ----HD---- C:\WINDOWS\inf
2010-01-14 22:02:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 20:53:05 ----D---- C:\WINDOWS\system32
2010-01-14 20:53:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-13 11:22:09 ----D---- C:\Documents and Settings\JJ\Application Data\vlc
2010-01-13 10:39:40 ----D---- C:\Program Files\Windows Media Player
2010-01-08 17:47:58 ----D---- C:\Program Files\eMule
2010-01-07 17:37:41 ----SHD---- C:\WINDOWS\Installer
2010-01-07 17:37:32 ----A---- C:\WINDOWS\win.ini
2010-01-07 17:37:18 ----D---- C:\Program Files\Hewlett-Packard
2010-01-03 20:33:49 ----D---- C:\WINDOWS\network diagnostic
2010-01-03 19:38:21 ----D---- C:\WINDOWS\system32\DirectX
2010-01-03 19:38:15 ----RSD---- C:\WINDOWS\assembly
2010-01-03 13:09:59 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-03 13:03:06 ----D---- C:\Documents and Settings\JJ\Application Data\Dofus 2
2010-01-02 19:24:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-02 15:51:12 ----RSD---- C:\WINDOWS\Fonts
2010-01-02 12:22:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-02 12:03:40 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-29 23:20:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-29 23:20:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-29 23:20:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 20:08:40 ----D---- C:\WINDOWS\twain_32
2009-12-25 20:06:26 ----D---- C:\Program Files\Fichiers communs
2009-12-25 11:10:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 11:09:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 10:56:15 ----D---- C:\Program Files\Mafia
2009-12-25 10:56:02 ----D---- C:\Program Files\Mario Forever
2009-12-24 18:58:38 ----D---- C:\Documents and Settings\JJ\Application Data\XnView
2009-12-18 17:30:56 ----D---- C:\Documents and Settings\JJ\Application Data\dvdcss
2009-12-15 18:24:12 ----D---- C:\Program Files\Dofus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-01-07 82380]
R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 sK9Ou0s;sK9Ou0s; \??\C:\WINDOWS\system32\srosa2.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-02-15 14336]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys [2008-01-09 40960]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech Webcam 300(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys []
S4 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys []
S4 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
S4 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-04-24 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-26 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-04-24 176128]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-03 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-03 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2010-01-14 18752]
S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-01-14 138680]
S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2010-01-07 254040]
S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2010-01-07 352920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt

info.txt logfile of random's system information tool 1.06 2010-01-14 22:16:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe"
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Coffret de pilotes Logitech Webcam Software-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.0" /clone_wait /hide_progress
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe
Dofus-->msiexec /qb /x {5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}
Dofus-->MsiExec.exe /I{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Photo and Imaging 2.2 - Scanjet 3970 Series-->MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech High Quality Video-->MsiExec.exe /X{281D28EC-1357-4778-B2D7-DEA56D70EF96}
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x040c -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
QT Lite 3.0.0-->"C:\Program Files\QT Lite\unins000.exe"
Readiris Pro 8-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}\setup.exe" -l0x40c
Real Alternative 2.0.1-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Reg (DOFUS Audio Subsystem)-->msiexec /qb /x {3F900346-A316-BA88-B83C-2513F1260AD7}
Reg (DOFUS Audio Subsystem)-->MsiExec.exe /I{3F900346-A316-BA88-B83C-2513F1260AD7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XnView 1.96.5-->"C:\Program Files\XnView\unins000.exe"

======Security center information======

AV: avast! antivirus 4.8.1356 [VPS 091231-0]

======System event log======

Computer Name: MON-PC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 5441
Source Name: Service Control Manager
Time Written: 20091229121217.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MON-PC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service aswRdr.

Record Number: 5440
Source Name: Service Control Manager
Time Written: 20091229121217.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MON-PC
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

Record Number: 5439
Source Name: Service Control Manager
Time Written: 20091229121217.000000+060
Event Type: Informations
User:

Computer Name: MON-PC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 5438
Source Name: Service Control Manager
Time Written: 20091229121217.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MON-PC
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 5437
Source Name: Service Control Manager
Time Written: 20091229121216.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: MON-PC
Event Code: 1000
Message: Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant flash10c.ocx, version 10.0.32.18, adresse de défaillance 0x0004dc9f.

Record Number: 508
Source Name: Application Error
Time Written: 20091216224046.000000+060
Event Type: erreur
User:

Computer Name: MON-PC
Event Code: 1000
Message: Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant flash10c.ocx, version 10.0.32.18, adresse de défaillance 0x0004dc9f.

Record Number: 507
Source Name: Application Error
Time Written: 20091216224040.000000+060
Event Type: erreur
User:

Computer Name: MON-PC
Event Code: 4097
Message: L'application, C:\Program Files\Internet Explorer\iexplore.exe, a généré une erreur d'application
L'erreur s'est produite le 12/16/2009 à 22:40:19.484
L'exception générée était c0000005 à l'adresse 05DCDC9F (Flash10c)

Record Number: 506
Source Name: DrWatson
Time Written: 20091216224019.000000+060
Event Type: Informations
User:

Computer Name: MON-PC
Event Code: 1000
Message: Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant flash10c.ocx, version 10.0.32.18, adresse de défaillance 0x0004dc9f.

Record Number: 505
Source Name: Application Error
Time Written: 20091216224017.000000+060
Event Type: erreur
User:

Computer Name: MON-PC
Event Code: 1000
Message: Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant flash10c.ocx, version 10.0.32.18, adresse de défaillance 0x0004dc9f.

Record Number: 504
Source Name: Application Error
Time Written: 20091216224011.000000+060
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QT Lite\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
14 January 2010 22:42:58

OK, it looks like there is some Bagle on there; let's check:

* Disable the antivirus

Download "FindyKill" to the desktop

* Double-click to install it
* Just install it without changing anything
* Double-click the "FindyKill" icon that has just appeared on the desktop
* Type "F" for French, then confirm
* Choose option "1" and confirm with Enter
* When the message prompts you, connect to the PC any USB sticks and external hard drives that may have been infected, without opening them
** Note: the Start menu and the icons will disappear
* The search runs; it can take several minutes, don't touch anything
* Once the scan has finished, a scan report is offered... press a key to open this report.
* Copy/paste the report into your reply
14 January 2010 23:01:59

Here is the FindyKill report


############################## | FindyKill V5.024 |

# User : JJ (Administrateurs) # MON-PC
# Update on 09/01/2010 by El Desaparecido
# Start at: 22:57:59 | 14/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) II X2 240 Processor
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1356 [VPS 091231-0] 4.8.1356 [ Enabled | Updated ]

# C:\ # Disque fixe local # 298,08 Go (269,12 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JJ\Application Data\drivers\winupgro.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\JJ\Application Data\m\flec006.exe
C:\WINDOWS\wintems.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

############################## | Processus infectieux stoppés |

"C:\Documents and Settings\JJ\Application Data\drivers\winupgro.exe" (2008)
"C:\Documents and Settings\JJ\Application Data\m\flec006.exe" (324)
"C:\WINDOWS\wintems.exe" (1400)

################## | C: |


################## | C:\WINDOWS |

Présent ! C:\WINDOWS\ban_list.txt
Présent ! C:\WINDOWS\mdelk.exe
Présent ! C:\WINDOWS\wintems.exe

################## | C:\WINDOWS\Prefetch |

Présent ! C:\WINDOWS\Prefetch\15069234.EXE-071AE381.pf
Présent ! C:\WINDOWS\Prefetch\15093515.EXE-0918CB58.pf
Présent ! C:\WINDOWS\Prefetch\15109578.EXE-3232EB3A.pf
Présent ! C:\WINDOWS\Prefetch\15115062.EXE-00DCB90B.pf
Présent ! C:\WINDOWS\Prefetch\30169046.EXE-2EF6DB3F.pf
Présent ! C:\WINDOWS\Prefetch\30180812.EXE-2D8A5B92.pf
Présent ! C:\WINDOWS\Prefetch\30200437.EXE-0B2CDD5C.pf
Présent ! C:\WINDOWS\Prefetch\30203671.EXE-08702552.pf
Présent ! C:\WINDOWS\Prefetch\37578.EXE-2265A090.pf
Présent ! C:\WINDOWS\Prefetch\38031.EXE-34542C8A.pf
Présent ! C:\WINDOWS\Prefetch\48171.EXE-020B0690.pf
Présent ! C:\WINDOWS\Prefetch\51734.EXE-082036B3.pf
Présent ! C:\WINDOWS\Prefetch\52734.EXE-1FF08F87.pf
Présent ! C:\WINDOWS\Prefetch\55468.EXE-26FA935A.pf
Présent ! C:\WINDOWS\Prefetch\57578.EXE-2178C95E.pf
Présent ! C:\WINDOWS\Prefetch\64718.EXE-11A45415.pf
Présent ! C:\WINDOWS\Prefetch\64984.EXE-0CD6CC77.pf
Présent ! C:\WINDOWS\Prefetch\68046.EXE-1A69A243.pf
Présent ! C:\WINDOWS\Prefetch\68531.EXE-0AB74AD0.pf
Présent ! C:\WINDOWS\Prefetch\70671.EXE-2E6D7920.pf
Présent ! C:\WINDOWS\Prefetch\73359.EXE-236F578E.pf
Présent ! C:\WINDOWS\Prefetch\738906.EXE-067CAE96.pf
Présent ! C:\WINDOWS\Prefetch\742390.EXE-07F6EEF5.pf
Présent ! C:\WINDOWS\Prefetch\749359.EXE-1DE1DF00.pf
Présent ! C:\WINDOWS\Prefetch\751546.EXE-3A5C0C8B.pf
Présent ! C:\WINDOWS\Prefetch\77406.EXE-324FC0FB.pf
Présent ! C:\WINDOWS\Prefetch\83015.EXE-0F4D3B84.pf
Présent ! C:\WINDOWS\Prefetch\85375.EXE-203A1D67.pf
Présent ! C:\WINDOWS\Prefetch\89750.EXE-1001FDD7.pf
Présent ! C:\WINDOWS\Prefetch\93703.EXE-302B9779.pf
Présent ! C:\WINDOWS\Prefetch\FLEC006.EXE-3AB6E7F4.pf
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf

################## | C:\WINDOWS\system32 |

Présent ! C:\WINDOWS\system32\ban_list.txt
Présent ! C:\WINDOWS\system32\mdelk.exe
Présent ! C:\WINDOWS\system32\srosa2.sys
Présent ! C:\WINDOWS\system32\wfsintwq.sys
Présent ! C:\WINDOWS\system32\wintems.exe

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\JJ\Application Data |

Présent ! C:\Documents and Settings\JJ\Application Data\drivers
Présent ! C:\Documents and Settings\JJ\Application Data\drivers\downld
Présent ! C:\Documents and Settings\JJ\Application Data\drivers\winupgro.exe
Présent ! C:\Documents and Settings\JJ\Application Data\m
Présent ! C:\Documents and Settings\JJ\Application Data\m\data.oct
Présent ! C:\Documents and Settings\JJ\Application Data\m\flec006.exe
Présent ! C:\Documents and Settings\JJ\Application Data\m\list.oct
Présent ! C:\Documents and Settings\JJ\Application Data\m\srvlist.oct
Présent ! C:\Documents and Settings\JJ\Application Data\m\shared

################## | Temporary Internet Files |

Présent ! C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\61SJHXH3\mxd[1].jpg

################## | Registre |

Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\DateTime4]
Présent ! [HKCU\Software\MuleAppData]
Présent ! [HKCU\Software\WS35]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\bisoft]
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\DateTime4]
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\MuleAppData]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\keygen]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\serial]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\keygen]
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\serial]
Présent ! [HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks > Keygens > Serials |

"C:\Documents and Settings\JJ\Local Settings\Temp\7zO2.tmp\serial.exe"
13/10/2004 01:03 |Size 851968 |Crc32 76530740 |Md5 416e823819a01fc3f459c295ed0ed34a


################## | ! Fin du rapport # FindyKill V5.024 ! |

14 January 2010 23:21:32

Bingo! :lol: 

* Launch "FindyKill"
* This time choose option "2", then confirm with Enter
* When the message prompts you, connect to the PC any USB sticks and external hard drives that may have been infected, without opening them
** Note: the Start menu and the icons will disappear
* The cleanup will take a few minutes... Press OK in the information window
* The fix may need to restart the computer; a message will warn you, and you must press a key.
* On restart, the fix relaunches... let the operation run.
* A cleanup report is offered... press a key to open this report.
* Copy/paste the report into your reply
16 January 2010 01:12:03

Good evening

I have just started the procedure but it seems to be taking a while.
I'll post the report tomorrow.
Thanks again for your help
16 January 2010 09:28:24

Hello

I launched FindyKill last night and went to bed while the scan was at 30%.
I came back this morning and it is still at 30%!! Is it normal for it to take this long?
The program seems to be working since it is scanning all the .exe files, but it is in the following path:
C:\System volume information\Restore\ etc... and that takes time.
The PC goes into sleep mode: does that stop the program?

Thanks for your reply
16 January 2010 16:23:36

Hmm... I don't think it should take hours and hours. As for sleep mode, I don't know...

Right now, is it scanning or has it stopped moving?
16 January 2010 17:07:38

The scan keeps moving but the progress bar is still at 30%! I think it is spending an insane amount of time on the .exe files that are in the System Restore folders in:

path : C:\System Volume Information\_restore{a series of digits and letters as long as your arm}\RP94

file : A0011645.exe

the path and the file change constantly, so the scan is continuing, but d......... it's slow!!

Should I stop everything? It has been running since last night!! I warned my friend that he wouldn't have his PC tonight!!
I also suggested to him that he not let his kids download just anything with eMule and that he get a reliable antivirus and firewall.

16 January 2010 17:22:09

Leave it a bit longer; if it is still running this evening (around 8 pm), we'll do it another way.
17 January 2010 00:22:33

Hi

The scan had advanced to 40% but it has been stuck on one file for quite a while.
I'm stopping it and waiting for your new instructions.

17 January 2010 00:50:30

OK, we'll remove the Bagle another way:

* Disable the antivirus

* Right-click here on "Combofix"

* Save link target as
==> choose: Desktop
and before accepting ==> replace: Combofix with: cftest

* Double-click "cftest"
** If prompted to download and install the Recovery Console, accept
* The search will then start
* Wait for the tool to close (5 to 10 min)
* Copy/paste the report into your reply
* A report in C:\Combofix.txt to include in your reply
17 January 2010 11:55:47

Hello

I have noted everything, but I cannot disable avast since I have no control over the software (no icon).
Combofix warns me that the avast scan is active but I have no way to disable it.
I don't know which process I should disable.
Thanks
17 January 2010 12:41:35

No problem, normally you can bypass the message
17 January 2010 14:17:32

Here is the first Combofix report

ComboFix 10-01-16.03 - JJ 17/01/2010 13:49:15.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1597 [GMT 1:00]
Lancé depuis: c:\documents and settings\JJ\Bureau\cftest.exe
AV: avast! antivirus 4.8.1356 [VPS 091231-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JJ\Application Data\Dossier de téléchargement Share-to-Web
C:\LOG.TXT
c:\windows\clofghls.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-17 au 2010-01-17 ))))))))))))))))))))))))))))))))))))
.

2010-01-17 12:54 . 2010-01-17 12:54 -------- d-----w- c:\documents and settings\JJ\Application Data\Dossier de téléchargement Share-to-Web
2010-01-14 21:57 . 2010-01-15 23:42 -------- d-----w- C:\FindyKill
2010-01-14 21:16 . 2010-01-14 21:16 -------- d-----w- c:\program files\trend micro
2010-01-14 21:16 . 2010-01-14 21:16 -------- d-----w- C:\rsit
2010-01-14 17:57 . 2010-01-14 18:04 -------- d-----w- c:\windows\BDOSCAN8
2010-01-07 16:35 . 2010-01-07 16:35 -------- d-----w- C:\col4309
2010-01-07 15:06 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\JJ\Application Data\HouseCall 6.6\vsapi32.dll
2010-01-07 15:06 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\JJ\Application Data\HouseCall 6.6\BPMNT.dll
2010-01-07 15:05 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\JJ\Application Data\HouseCall 6.6\ssapi32.dll
2010-01-07 15:05 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\JJ\Application Data\HouseCall 6.6\tsc.exe
2010-01-07 14:41 . 2010-01-07 15:14 -------- d-----w- c:\documents and settings\JJ\Application Data\HouseCall 6.6
2010-01-07 14:41 . 2010-01-07 14:41 -------- d-----w- c:\windows\system32\HouseCall 6.6
2010-01-03 18:27 . 2010-01-03 18:27 -------- d-----w- c:\program files\Activision
2010-01-02 14:51 . 2010-01-02 14:51 -------- d-----w- c:\program files\Microsoft
2010-01-02 14:51 . 2010-01-02 14:51 -------- d-----w- c:\program files\Windows Live
2010-01-02 14:35 . 2010-01-02 14:53 33008 ----a-w- c:\documents and settings\JJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 13:19 . 2010-01-07 14:07 -------- d-----w- c:\program files\Logitech
2009-12-29 22:20 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2009-12-29 22:19 . 2009-12-29 22:19 152576 ----a-w- c:\documents and settings\JJ\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-29 17:41 . 2009-12-29 17:41 79488 ----a-w- c:\documents and settings\JJ\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-26 22:17 . 2009-12-26 22:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-25 19:09 . 2009-12-25 19:09 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\LogiShrd
2009-12-25 19:09 . 2009-12-25 19:09 -------- d-----w- c:\documents and settings\JJ\Application Data\Leadertech
2009-12-25 19:08 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-12-25 19:08 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-12-25 19:08 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-12-25 19:08 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-12-25 19:08 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-12-25 19:08 . 2009-10-07 08:46 114712 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2009-12-25 19:08 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
2009-12-25 19:08 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2009-12-25 19:07 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-12-25 19:06 . 2010-01-02 18:13 -------- d-----w- c:\program files\Fichiers communs\LogiShrd
2009-12-25 19:06 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-12-25 12:02 . 2009-12-25 12:02 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\PunkBuster
2009-12-25 11:27 . 2010-01-03 18:37 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-25 11:27 . 2010-01-03 18:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-25 11:27 . 2010-01-03 18:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-25 09:57 . 2009-12-25 09:57 -------- d-sh--w- c:\windows\ftpcache
2009-12-22 21:56 . 1998-11-13 12:16 308224 ----a-w- c:\windows\IsUn040c.exe
2009-12-22 21:55 . 2009-12-22 21:55 -------- d-----w- c:\documents and settings\JJ\WINDOWS
2009-12-21 12:37 . 2009-12-21 12:37 -------- d-----w- C:\users
2009-12-19 17:56 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-19 17:56 . 2008-04-13 18:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-19 15:01 . 2009-12-19 15:01 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 12:54 . 2010-01-17 12:54 -------- d-----w- c:\documents and settings\JJ\Application Data\Dossier de téléchargement Share-to-Web
2010-01-14 19:53 . 2004-08-05 12:00 80712 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-14 19:53 . 2004-08-05 12:00 500784 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-13 10:22 . 2009-10-26 16:52 -------- d-----w- c:\documents and settings\JJ\Application Data\vlc
2010-01-09 16:50 . 2009-12-25 19:09 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-09 16:50 . 2009-12-25 19:07 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-08 16:47 . 2009-10-28 14:41 -------- d-----w- c:\program files\eMule
2010-01-07 16:37 . 2009-10-26 18:52 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-01-07 16:37 . 2009-10-26 18:51 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-07 15:05 . 2007-06-05 15:54 183356 ----a-w- c:\documents and settings\JJ\Application Data\HouseCall 6.6\Uninstaller.exe
2010-01-03 13:59 . 2009-10-26 16:20 1 ----a-w- c:\documents and settings\JJ\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-03 12:09 . 2009-12-02 10:11 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-01-03 12:03 . 2009-12-02 16:26 -------- d-----w- c:\documents and settings\JJ\Application Data\Dofus 2
2009-12-25 10:09 . 2009-10-26 14:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 09:56 . 2009-10-27 13:09 -------- d-----w- c:\program files\Mafia
2009-12-25 09:56 . 2009-11-19 17:23 -------- d-----w- c:\program files\Mario Forever
2009-12-24 17:58 . 2009-10-26 15:31 -------- d-----w- c:\documents and settings\JJ\Application Data\XnView
2009-12-18 16:30 . 2009-11-05 17:29 -------- d-----w- c:\documents and settings\JJ\Application Data\dvdcss
2009-12-15 17:24 . 2009-11-06 16:07 -------- d-----w- c:\program files\Dofus
2009-12-14 22:30 . 2009-12-13 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-14 22:28 . 2009-12-13 17:57 -------- d-----w- c:\program files\Microsoft Works
2009-12-13 17:56 . 2009-12-13 17:56 -------- d-----w- c:\program files\Microsoft.NET
2009-12-02 16:31 . 2009-12-02 16:31 -------- d-----w- c:\documents and settings\JJ\Application Data\Dofus-5.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 16:31 . 2009-12-02 16:31 -------- d-----w- c:\documents and settings\JJ\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 16:30 . 2009-12-02 16:30 -------- d-----w- c:\documents and settings\JJ\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 16:29 . 2009-12-02 16:29 -------- d-----w- c:\documents and settings\JJ\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 16:26 . 2009-12-02 16:26 -------- d-----w- c:\documents and settings\JJ\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 16:26 . 2009-12-02 16:26 -------- d-----w- c:\documents and settings\JJ\Application Data\app
2009-12-02 16:26 . 2009-12-02 16:26 -------- d-----w- c:\documents and settings\JJ\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 10:11 . 2009-12-02 10:11 -------- d-----w- c:\program files\Dofus 2
2009-12-02 10:11 . 2009-12-02 10:11 38208 ----a-w- c:\documents and settings\JJ\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-02 10:11 . 2009-12-02 10:11 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-29 07:42 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 16:02 . 2009-10-26 16:02 1961720 ----a-w- c:\documents and settings\JJ\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-10-26 15:15 . 2009-10-26 13:44 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 14:33 . 2009-10-26 14:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-26 14:33 . 2009-10-26 14:33 152576 ----a-w- c:\documents and settings\JJ\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-26 13:42 . 2009-10-26 13:42 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2004-08-05 12:00 . 2004-08-05 12:00 94864 --sh--w- c:\windows\twain.dll
2008-04-13 18:33 . 2004-08-05 12:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-13 18:33 . 2004-08-05 12:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-13 18:33 . 2004-08-05 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-13 18:33 . 2004-08-05 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-13 18:33 . 2004-08-05 12:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-13 18:33 . 2004-08-05 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-13 18:33 . 2004-08-05 12:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-13 18:34 . 2004-08-05 12:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 149280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2009-10-07 460048]

c:\documents and settings\JJ\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]

c:\documents and settings\JJ\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]

c:\documents and settings\JJ\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]

c:\documents and settings\JJ\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]

[HKLM\~\startupfolder\C:^Documents and Settings^JJ^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\JJ\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2010-01-15 23:38 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{648E672C-265B-4A83-8463-00F9C02B66BD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 13:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-01-17 14:00:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-17 13:00

Avant-CF: 289 056 690 176 octets libres
Après-CF: 289 855 119 360 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 1442FE23992F2F70164E1BE9DDBE5427

Thanks for your reply


17 January 2010 14:28:37

OK, now run FindyKill again with option 2 (we'll see if it goes better)
17 January 2010 15:11:55

FindyKill has started again, but I'm afraid it will go the same way, because it is still at 30% and scanning the same files as before, taking just as long!!

17 January 2010 16:47:58

OK, we'll do it another way: stop FindyKill and

Download « OTMoveIt.exe » to the desktop

* Copy this text

:Processes
explorer.exe
winupgro.exe
flec006.exe
wintems.exe

:Reg
[-HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
[-HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
[-HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
[-HKLM\SYSTEM\CurrentControlSet\Services\srosa]
[-HKLM\SYSTEM\ControlSet001\Services\srosa]
[-HKLM\SYSTEM\ControlSet003\Services\srosa]
[-HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
[-HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
[-HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
[-HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
[-HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
[-HKCU\Software\bisoft]
[-HKCU\Software\DateTime4]
[-HKCU\Software\MuleAppData]
[-HKCU\Software\WS35]
[-HKCU\Software\Local AppWizard-Generated Applications\keygen]
[-HKCU\Software\Local AppWizard-Generated Applications\serial]
[-HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[-HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\keygen]
[-HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\serial]
[-HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]
[-HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\bisoft]
[-HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\DateTime4]
[-HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\MuleAppData]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
"german.exe"=-
"mule_st_key"=-
[HKU\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"=-
"drvsyskit"=-
"german.exe"=-

:Files
C:\WINDOWS\ban_list.txt
C:\WINDOWS\mdelk.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\Prefetch\15069234.EXE-071AE381.pf
C:\WINDOWS\Prefetch\15093515.EXE-0918CB58.pf
C:\WINDOWS\Prefetch\15109578.EXE-3232EB3A.pf
C:\WINDOWS\Prefetch\15115062.EXE-00DCB90B.pf
C:\WINDOWS\Prefetch\30169046.EXE-2EF6DB3F.pf
C:\WINDOWS\Prefetch\30180812.EXE-2D8A5B92.pf
C:\WINDOWS\Prefetch\30200437.EXE-0B2CDD5C.pf
C:\WINDOWS\Prefetch\30203671.EXE-08702552.pf
C:\WINDOWS\Prefetch\37578.EXE-2265A090.pf
C:\WINDOWS\Prefetch\38031.EXE-34542C8A.pf
C:\WINDOWS\Prefetch\48171.EXE-020B0690.pf
C:\WINDOWS\Prefetch\51734.EXE-082036B3.pf
C:\WINDOWS\Prefetch\52734.EXE-1FF08F87.pf
C:\WINDOWS\Prefetch\55468.EXE-26FA935A.pf
C:\WINDOWS\Prefetch\57578.EXE-2178C95E.pf
C:\WINDOWS\Prefetch\64718.EXE-11A45415.pf
C:\WINDOWS\Prefetch\64984.EXE-0CD6CC77.pf
C:\WINDOWS\Prefetch\68046.EXE-1A69A243.pf
C:\WINDOWS\Prefetch\68531.EXE-0AB74AD0.pf
C:\WINDOWS\Prefetch\70671.EXE-2E6D7920.pf
C:\WINDOWS\Prefetch\73359.EXE-236F578E.pf
C:\WINDOWS\Prefetch\738906.EXE-067CAE96.pf
C:\WINDOWS\Prefetch\742390.EXE-07F6EEF5.pf
C:\WINDOWS\Prefetch\749359.EXE-1DE1DF00.pf
C:\WINDOWS\Prefetch\751546.EXE-3A5C0C8B.pf
C:\WINDOWS\Prefetch\77406.EXE-324FC0FB.pf
C:\WINDOWS\Prefetch\83015.EXE-0F4D3B84.pf
C:\WINDOWS\Prefetch\85375.EXE-203A1D67.pf
C:\WINDOWS\Prefetch\89750.EXE-1001FDD7.pf
C:\WINDOWS\Prefetch\93703.EXE-302B9779.pf
C:\WINDOWS\Prefetch\FLEC006.EXE-3AB6E7F4.pf
C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\srosa2.sys
C:\WINDOWS\system32\wfsintwq.sys
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\JJ\Application Data\drivers
C:\Documents and Settings\JJ\Application Data\drivers\downld
C:\Documents and Settings\JJ\Application Data\drivers\winupgro.exe
C:\Documents and Settings\JJ\Application Data\m
C:\Documents and Settings\JJ\Application Data\m\data.oct
C:\Documents and Settings\JJ\Application Data\m\flec006.exe
C:\Documents and Settings\JJ\Application Data\m\list.oct
C:\Documents and Settings\JJ\Application Data\m\srvlist.oct
C:\Documents and Settings\JJ\Application Data\m\shared
C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\61SJHXH3\mxd[1].jpg

:Commands
[emptytemp]
[start explorer]
[Reboot]


* Double-click OTMoveIt.exe

* In the left pane « Paste Instructions for Items to be Moved » ==> right-click ==> paste
* Click « MoveIt! »
* If a reboot is requested ==> click « YES »
* A report is created in ==> C:\_OTMoveIt\MovedFiles\ under today's date; copy/paste it into your reply (format like => mmddyyyy_hhmmss.log)
17 January 2010 17:10:49

Here's the log. I hope we'll get there!!

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named winupgro.exe was found!
No active process named flec006.exe was found!
No active process named wintems.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA\ not found.
Registry key HKEY_CURRENT_USER\Software\bisoft\ not found.
Registry key HKEY_CURRENT_USER\Software\DateTime4\ not found.
Registry key HKEY_CURRENT_USER\Software\MuleAppData\ not found.
Registry key HKEY_CURRENT_USER\Software\WS35\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\keygen\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\serial\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\bisoft\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\DateTime4\ not found.
Registry key HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\MuleAppData\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\german.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mule_st_key not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\mule_st_key not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\german.exe not found.
========== FILES ==========
File/Folder C:\WINDOWS\ban_list.txt not found.
File/Folder C:\WINDOWS\mdelk.exe not found.
File/Folder C:\WINDOWS\wintems.exe not found.
File/Folder C:\WINDOWS\Prefetch\15069234.EXE-071AE381.pf not found.
File/Folder C:\WINDOWS\Prefetch\15093515.EXE-0918CB58.pf not found.
File/Folder C:\WINDOWS\Prefetch\15109578.EXE-3232EB3A.pf not found.
File/Folder C:\WINDOWS\Prefetch\15115062.EXE-00DCB90B.pf not found.
File/Folder C:\WINDOWS\Prefetch\30169046.EXE-2EF6DB3F.pf not found.
File/Folder C:\WINDOWS\Prefetch\30180812.EXE-2D8A5B92.pf not found.
File/Folder C:\WINDOWS\Prefetch\30200437.EXE-0B2CDD5C.pf not found.
File/Folder C:\WINDOWS\Prefetch\30203671.EXE-08702552.pf not found.
File/Folder C:\WINDOWS\Prefetch\37578.EXE-2265A090.pf not found.
File/Folder C:\WINDOWS\Prefetch\38031.EXE-34542C8A.pf not found.
File/Folder C:\WINDOWS\Prefetch\48171.EXE-020B0690.pf not found.
File/Folder C:\WINDOWS\Prefetch\51734.EXE-082036B3.pf not found.
File/Folder C:\WINDOWS\Prefetch\52734.EXE-1FF08F87.pf not found.
File/Folder C:\WINDOWS\Prefetch\55468.EXE-26FA935A.pf not found.
File/Folder C:\WINDOWS\Prefetch\57578.EXE-2178C95E.pf not found.
File/Folder C:\WINDOWS\Prefetch\64718.EXE-11A45415.pf not found.
File/Folder C:\WINDOWS\Prefetch\64984.EXE-0CD6CC77.pf not found.
File/Folder C:\WINDOWS\Prefetch\68046.EXE-1A69A243.pf not found.
File/Folder C:\WINDOWS\Prefetch\68531.EXE-0AB74AD0.pf not found.
File/Folder C:\WINDOWS\Prefetch\70671.EXE-2E6D7920.pf not found.
File/Folder C:\WINDOWS\Prefetch\73359.EXE-236F578E.pf not found.
File/Folder C:\WINDOWS\Prefetch\738906.EXE-067CAE96.pf not found.
File/Folder C:\WINDOWS\Prefetch\742390.EXE-07F6EEF5.pf not found.
File/Folder C:\WINDOWS\Prefetch\749359.EXE-1DE1DF00.pf not found.
File/Folder C:\WINDOWS\Prefetch\751546.EXE-3A5C0C8B.pf not found.
File/Folder C:\WINDOWS\Prefetch\77406.EXE-324FC0FB.pf not found.
File/Folder C:\WINDOWS\Prefetch\83015.EXE-0F4D3B84.pf not found.
File/Folder C:\WINDOWS\Prefetch\85375.EXE-203A1D67.pf not found.
File/Folder C:\WINDOWS\Prefetch\89750.EXE-1001FDD7.pf not found.
File/Folder C:\WINDOWS\Prefetch\93703.EXE-302B9779.pf not found.
File/Folder C:\WINDOWS\Prefetch\FLEC006.EXE-3AB6E7F4.pf not found.
File/Folder C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf not found.
File/Folder C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf not found.
File/Folder C:\WINDOWS\system32\ban_list.txt not found.
File/Folder C:\WINDOWS\system32\mdelk.exe not found.
File/Folder C:\WINDOWS\system32\srosa2.sys not found.
File/Folder C:\WINDOWS\system32\wfsintwq.sys not found.
File/Folder C:\WINDOWS\system32\wintems.exe not found.
File/Folder C:\Documents and Settings\JJ\Application Data\drivers not found.
File/Folder C:\Documents and Settings\JJ\Application Data\drivers\downld not found.
File/Folder C:\Documents and Settings\JJ\Application Data\drivers\winupgro.exe not found.
File/Folder C:\Documents and Settings\JJ\Application Data\m not found.
File/Folder C:\Documents and Settings\JJ\Application Data\m\data.oct not found.
File/Folder C:\Documents and Settings\JJ\Application Data\m\flec006.exe not found.
File/Folder C:\Documents and Settings\JJ\Application Data\m\list.oct not found.
File/Folder C:\Documents and Settings\JJ\Application Data\m\srvlist.oct not found.
File/Folder C:\Documents and Settings\JJ\Application Data\m\shared not found.
File/Folder C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\61SJHXH3\mxd[1].jpg not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: JJ
->Temp folder emptied: 2603783 bytes
->Temporary Internet Files folder emptied: 8448936 bytes
->Java cache emptied: 38822561 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50,00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01172010_170546

Files moved on Reboot...

Registry entries deleted on Reboot...

I'm waiting for your instructions
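A way to triage an OTM log like the one above, as an added example that is not part of the original thread: it groups each result line by section and separates targets that were actually deleted from those reported as not found. The sample log is constructed from a few lines in the same format, the function names are hypothetical, and only the two outcome phrases visible in this log ("not found", "deleted successfully") are recognised.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the format of the OTM log above.
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named winupgro.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\ not found.
Registry key HKEY_CURRENT_USER\Software\WS35\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\mdelk.exe not found.
File/Folder C:\WINDOWS\system32\wintems.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 2603783 bytes
"""

# "========== REGISTRY ==========" style section headers.
SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
# Process lines only ever report absence in this log.
PROCESS_RE = re.compile(r"^No active process named (.+) was found!$")
# Registry and file lines: <kind> <target> <outcome>.
ITEM_RE = re.compile(
    r"^(Registry key|Registry value|File/Folder) (.+) "
    r"(not found|deleted successfully)\.$"
)


def summarize(log_text):
    """Return {section: {"removed": [...], "absent": [...]}} for an OTM log."""
    summary = defaultdict(lambda: {"removed": [], "absent": []})
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).upper()
            continue
        proc = PROCESS_RE.match(line)
        if proc:
            summary[section]["absent"].append(proc.group(1))
            continue
        item = ITEM_RE.match(line)
        if item:
            outcome = "absent" if item.group(3) == "not found" else "removed"
            # Registry keys are logged with a trailing backslash; drop it.
            summary[section][outcome].append(item.group(2).rstrip("\\"))
    return dict(summary)


def changed_items(summary):
    """Flat list of (section, target) pairs the script really removed."""
    return [
        (section, target)
        for section, outcomes in summary.items()
        for target in outcomes["removed"]
    ]


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for section, outcomes in result.items():
        print(f"{section}: {len(outcomes['removed'])} removed, "
              f"{len(outcomes['absent'])} already absent")
    for section, target in changed_items(result):
        print(f"  removed [{section}] {target}")
```

A run where almost every target is "not found" means the script changed little on disk, so the follow-up full scan is what confirms the state of the machine.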
17 January 2010 17:17:41

OK!

Download Malwarebytes' Anti-Malware to the desktop

* Double-click « mbam-setup » to start the installation
* Just install without changing anything
* Once the program is running ==> « Mise à jour » tab, click ==> « Recherche de mise à jour »
* « Recherche » tab ==> tick « Exécuter un examen complet »
* Click « Rechercher »
* Tick all the hard drives
* Click « Lancer l'examen »
* At the end of the scan, if an infection is found
==> Click « Afficher résultat »
* Close your running applications
* Check that everything is ticked and click « Supprimer la sélection »

* A report opens; copy it and paste it into your reply
17 January 2010 18:01:47

Here's a second log, the one from mbam

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3583
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/01/2010 17:53:58
mbam-log-2010-01-17 (17-53-58).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 220695
Temps écoulé: 24 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 349

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP100\A0016440.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP100\A0016443.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP100\A0016526.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP100\A0016745.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP100\A0016746.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP100\A0016747.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0016868.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0016871.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017168.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017194.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017195.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017196.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017206.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017505.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017529.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017536.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017537.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017538.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017558.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017840.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017883.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017884.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0017885.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0018181.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0018210.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0018213.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0018220.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP102\A0018221.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP114\A0034532.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP114\A0034605.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP114\A0034606.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP114\A0034607.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035487.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035552.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035569.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035613.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035614.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035640.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035641.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035642.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035643.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035680.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP115\A0035754.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP117\A0035783.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP117\A0035894.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011739.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011610.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011736.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011769.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011770.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011786.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0011789.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012115.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012124.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012126.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012475.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012476.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP94\A0012477.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP98\A0013050.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP98\A0013118.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP98\A0013122.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP98\A0013150.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP98\A0013151.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP98\A0013154.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013232.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013237.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013240.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013277.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013278.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013523.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013581.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013584.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013631.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013632.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013633.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013687.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013690.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0013913.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014019.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014020.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014029.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014032.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014018.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014129.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014177.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014178.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0014179.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015027.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015269.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015351.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015362.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015364.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015717.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015720.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015382.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015385.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015363.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015706.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015707.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015708.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015815.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015823.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015824.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4346C14E-A8C6-42F0-99D6-0D8CB4883631}\RP99\A0015825.exe (Worm.Bagle) -> Quarantined and deleted successfully.

17 January 2010 18:07:45

OK, run another RSIT scan to check that nothing is left.
17 January 2010 18:16:11

Here is the RSIT report

log

Logfile of random's system information tool 1.06 (written by random/random)
Run by JJ at 2010-01-17 18:11:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 276 GB (91%) free of 305 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:00, on 17/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JJ\Bureau\RSIT.exe
C:\Program Files\trend micro\JJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x0805 -f video -m logitech -d 12.10.1110.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x0805 -f video -m logitech -d 12.10.1110.0 (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/ht...
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resour...
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sourc...
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8444 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{648E672C-265B-4A83-8463-00F9C02B66BD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2008-01-18 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-26 149280]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2010-01-16 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JJ^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]

C:\Documents and Settings\JJ\Menu Démarrer\Programmes\Démarrage
Logitech . Enregistrement du produit.lnk - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-17 18:06:51 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-17 17:26:03 ----D---- C:\Documents and Settings\JJ\Application Data\Malwarebytes
2010-01-17 17:25:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-17 17:25:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-17 17:05:51 ----SHD---- C:\RECYCLER
2010-01-17 17:05:46 ----D---- C:\_OTM
2010-01-17 14:38:01 ----A---- C:\Log.txt
2010-01-17 14:00:10 ----A---- C:\ComboFix.txt
2010-01-17 13:54:11 ----D---- C:\Documents and Settings\JJ\Application Data\Dossier de téléchargement Share-to-Web
2010-01-17 13:54:11 ----D---- C:\Documents and Settings\JJ\Application Data\Dossier de téléchargement Share-to-Web
2010-01-17 13:46:07 ----A---- C:\Boot.bak
2010-01-17 13:46:02 ----RASHD---- C:\cmdcons
2010-01-17 13:45:27 ----A---- C:\WINDOWS\zip.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\SWSC.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\SWREG.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\sed.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\PEV.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\MBR.exe
2010-01-17 13:45:27 ----A---- C:\WINDOWS\grep.exe
2010-01-17 13:45:23 ----D---- C:\WINDOWS\ERDNT
2010-01-17 11:48:12 ----D---- C:\Qoobox
2010-01-14 22:57:26 ----D---- C:\FindyKill
2010-01-14 22:16:47 ----D---- C:\Program Files\trend micro
2010-01-14 22:16:46 ----D---- C:\rsit
2010-01-14 18:57:57 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-07 17:35:26 ----D---- C:\col4309
2010-01-07 15:41:38 ----D---- C:\Documents and Settings\JJ\Application Data\HouseCall 6.6
2010-01-07 15:41:37 ----D---- C:\WINDOWS\system32\HouseCall 6.6
2010-01-07 15:13:59 ----D---- C:\WINDOWS\pss
2010-01-03 19:27:48 ----D---- C:\Program Files\Activision
2010-01-03 19:21:13 ----A---- C:\WINDOWS\game.ini
2010-01-02 15:51:33 ----D---- C:\Program Files\Microsoft
2010-01-02 15:51:06 ----D---- C:\Program Files\Windows Live
2010-01-02 14:19:33 ----D---- C:\Program Files\Logitech
2009-12-29 23:20:03 ----A---- C:\WINDOWS\system32\lvci12101110.dll
2009-12-26 23:17:15 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-12-25 20:09:07 ----D---- C:\Documents and Settings\JJ\Application Data\Leadertech
2009-12-25 20:08:40 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2009-12-25 20:08:40 ----A---- C:\WINDOWS\system32\LVUI2.dll
2009-12-25 20:08:40 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2009-12-25 20:08:13 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2009-12-25 20:08:13 ----A---- C:\WINDOWS\system32\lvci1201278.dll
2009-12-25 20:06:26 ----D---- C:\Program Files\Fichiers communs\LogiShrd
2009-12-25 20:06:26 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-12-25 20:02:28 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-25 12:27:22 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-25 12:27:21 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-12-25 11:10:58 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 11:10:58 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-12-25 11:10:57 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 11:10:57 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 11:10:57 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 11:10:56 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 11:10:56 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 11:10:55 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 11:10:55 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 11:10:53 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 11:10:53 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 11:10:53 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 11:10:52 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 11:10:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 11:10:50 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 11:10:45 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 11:10:44 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 11:10:43 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 11:10:42 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 11:10:41 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 10:57:39 ----SHD---- C:\WINDOWS\ftpcache
2009-12-22 22:56:11 ----A---- C:\WINDOWS\IsUn040c.exe
2009-12-21 22:55:00 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-21 13:37:00 ----D---- C:\users
2009-12-19 18:56:32 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-12-19 18:56:31 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-12-19 16:01:01 ----D---- C:\Documents and Settings\JJ\Application Data\Help

======List of files/folders modified in the last 1 months======

2010-01-17 18:07:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-17 18:06:51 ----D---- C:\WINDOWS\system32
2010-01-17 17:57:52 ----D---- C:\WINDOWS\Temp
2010-01-17 17:57:13 ----D---- C:\WINDOWS\system32\drivers
2010-01-17 17:56:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-17 17:26:03 ----D---- C:\WINDOWS\Prefetch
2010-01-17 17:25:59 ----RD---- C:\Program Files
2010-01-17 17:05:50 ----D---- C:\WINDOWS
2010-01-17 17:05:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-17 13:54:09 ----A---- C:\WINDOWS\system.ini
2010-01-17 13:52:56 ----D---- C:\WINDOWS\system32\config
2010-01-17 13:50:51 ----D---- C:\WINDOWS\AppPatch
2010-01-17 13:50:47 ----D---- C:\Program Files\Fichiers communs
2010-01-17 13:46:07 ----RASH---- C:\boot.ini
2010-01-17 13:44:47 ----A---- C:\WINDOWS\win.ini
2010-01-14 22:05:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-14 22:05:30 ----HD---- C:\WINDOWS\inf
2010-01-13 11:22:09 ----D---- C:\Documents and Settings\JJ\Application Data\vlc
2010-01-13 10:39:40 ----D---- C:\Program Files\Windows Media Player
2010-01-08 17:47:58 ----D---- C:\Program Files\eMule
2010-01-07 17:37:41 ----SHD---- C:\WINDOWS\Installer
2010-01-07 17:37:18 ----D---- C:\Program Files\Hewlett-Packard
2010-01-03 20:33:49 ----D---- C:\WINDOWS\network diagnostic
2010-01-03 19:38:21 ----D---- C:\WINDOWS\system32\DirectX
2010-01-03 19:38:15 ----RSD---- C:\WINDOWS\assembly
2010-01-03 13:09:59 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-03 13:03:06 ----D---- C:\Documents and Settings\JJ\Application Data\Dofus 2
2010-01-02 19:24:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-02 15:51:12 ----RSD---- C:\WINDOWS\Fonts
2010-01-02 12:22:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-02 12:03:40 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-29 23:20:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-29 23:20:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-29 23:20:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 20:08:40 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:10:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 11:09:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 10:56:15 ----D---- C:\Program Files\Mafia
2009-12-25 10:56:02 ----D---- C:\Program Files\Mario Forever
2009-12-24 18:58:38 ----D---- C:\Documents and Settings\JJ\Application Data\XnView
2009-12-18 17:30:56 ----D---- C:\Documents and Settings\JJ\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-01-07 82380]
R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-02-15 14336]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys [2008-01-09 40960]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\JJ\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech Webcam 300(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys []
S4 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys []
S4 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
S4 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-04-24 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-26 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-04-24 176128]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-03 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-03 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2010-01-16 18752]
S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-01-16 138680]
S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2010-01-14 254040]
S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2010-01-14 352920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
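The driver and service lists in the RSIT report above use a single line format: state and start-type code, name, display name, image path, then file date and size in brackets. The following Python parser is an added example, not part of the original thread and not RSIT's own code; the triage heuristics, the function names, and the reading of empty brackets as "no file date/size recorded" are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the format of the RSIT driver/service lists above.
SAMPLE = r"""
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-01-07 82380]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys []
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\JJ\LOCALS~1\Temp\catchme.sys []
S4 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-01-16 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
"""

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
# <R|S><start digit> <name>;<display name>; <image path> [<date> <size>]  (brackets may be empty)
ENTRY = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(?:(\d{4}-\d{2}-\d{2}) (\d+))?\]$")

def parse_entries(text):
    """Return one dict per well-formed driver/service line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            state, start, name, display, path, date, size = m.groups()
            entries.append({
                "name": name, "display": display.strip(), "path": path,
                "running": state == "R", "start": START_TYPES[start],
                "file_date": date, "file_size": int(size) if size else None,
            })
    return entries

def triage(entries):
    """Hypothetical review heuristics (assumptions of this example, not RSIT features)."""
    findings = {}
    for e in entries:
        reasons = []
        if e["start"] == "Disabled":
            reasons.append("start type Disabled")
        if e["file_date"] is None:
            reasons.append("no file date/size recorded")
        if "\\temp\\" in e["path"].lower():
            reasons.append("image path under a Temp folder")
        if reasons:
            findings[e["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE)).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict: disabled antivirus drivers or leftover tool drivers can be the normal result of an uninstall or a cleanup run.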
17 January 2010 18:21:58

Still having problems?
17 January 2010 18:59:18

Everything seems to be back to normal

Avast is working again

One small thing: how do I uninstall the Recovery Console that was installed with ComboFix?

Which free firewall would you recommend installing on the machine until my friend buys a complete security suite?

Thank you very much for all the time you have given me.

17 January 2010 20:12:13

The Recovery Console always comes in handy, so it's better to leave it! But if you really want to remove it, say so and I'll give you the procedure ;)

As for the firewall, I'm not too sure; I'd say ZoneAlarm or Kerio ;)

Do this to finish the disinfection:

1/ To remove the downloaded utilities:

* Download ToolsCleaner2 to your desktop
* Double-click « Toolscleaner.exe »
* Click « restauration » (restore) to create a restore point.
* Then click « recherche » (search)
* When the search has finished, click « suppression » (removal).
* At the end (there will be indications in the box below), click « quitter » (quit) and post the report found at « C:\Tcleaner.txt »
* Right-click its icon => « Delete »


2/ To delete temporary files (use it regularly!):

Download « ATF-Cleaner » to the desktop
* Double-click it
* Under the « Main » tab, choose « Select All »
* Click the « Empty Selected » button
* Wait while it cleans, then « Ok »
** Note: the next PC start-up will be a little slower, since the prefetch has been emptied

-----

3/ Disable and re-enable System Restore:

- on XP:

* Right-click My Computer
* Click « Properties »
* Click « System Restore »
* Tick: « Turn off System Restore on all drives »
* Confirm by clicking « OK »
-> Restart the PC
* Then do the same again, unticking the box, to turn System Restore back on
* Then Start menu ==> All Programs ==> Accessories ==> System Tools ==> System Restore
* Click « Create a new restore point »
** note => the name you give it does not matter

- on Vista:

* Click Start
* Right-click « Computer »
* Click « Properties »
* Click « System Protection »
* Untick: « C »
* Confirm by clicking « OK »
-> Restart the PC
* Then do the same again, re-ticking the box, to turn System Restore back on
* Then likewise, click « Create » to make a new restore point

-----

4/ Keep Malwarebytes' and remember to run regular scans with it!
=> Malwarebytes' tutorial

-----

5/ A write-up on infections to read if you're interested => Link

-----

6/ Problem solved?

Then remember to mark the topic as resolved by editing your title! ;)
17 January 2010 21:08:18

The ToolsCleaner2 report

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\JJ\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\JJ\Bureau\Rsit.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\JJ\Bureau\OTM.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\JJ\Bureau\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\FindyKill: supprimé !
C:\Rsit: supprimé !
17 January 2010 21:27:04

That's fine!
17 January 2010 21:30:39

Thanks a lot

Sorry, but I can't find how to mark the topic as resolved!!
17 January 2010 21:34:52

You just need to edit your title and add [Résolu] or something like that ;)