Avast Home Edition

Solved
loic -
Hello,

I have just installed the software. But when I click on the icon to launch it, I get this message:
C\Programfiles.....\ashAvast.exe n'est pas une application Win32 valide.

Can you help me? Thank you!
Configuration: Windows XP
Firefox 3.0.1
51 replies

Discussion summary

The problem described is a message stating that the Avast executable is not a valid Win32 application after installation on Windows XP with Firefox 3.0.1, which prevents the program from launching. The cause is identified as a Bagle infection that overloads the system, which triggers the Avast error. To decontaminate: run a quick scan with Malwarebytes Anti-Malware, delete the detected items, and send the report. Bagle comes from an infected crack, hence the importance of stopping unofficial downloads and using legitimate sources for updates and tools, in order to prevent new infections.

Automatically generated by AI
based on the best answers
Destrio5 - Posts: 99820 - Status: Moderator - 10 324

The Bagle infection had taken over your PC, hence the Avast error message.

Let's continue the disinfection.

---> Run a quick scan with MBAM, delete everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

Bagle comes from an infected crack; stop downloading just anything.
2
Destrio5 - Posts: 99820 - Status: Moderator - 10 324

Hi,

To check something:

---> Download EliBaglA.exe:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

---> At the bottom of the page, click the Descargar Elibagla button.
Save this file to the desktop.

---> Double-click EliBaglA.exe to open it.

---> Make sure the Unidad drop-down menu is set to C:\
Also check that the option Eliminar Ficheros Automaticamente at the bottom of the window is ticked.

---> Click the Explorar button to start the scan.

---> Once the scan is finished, restart and post the EliBaglA report, which is located at C:\InfoSat.txt
1
pascal_78 - Posts: 551 - Status: Member - 38

Where did you download it from?
0

pascal_78 - Posts: 551 - Status: Member - 38

Are you on XP or Vista?
0
loic
 
I'm on XP.
0
pascal_78 - Posts: 551 - Status: Member - 38

Try reinstalling.

Did you get an error message during the installation?
0
loic
 
There was no problem during the installation; I restarted the computer once the installation was finished.
0
pascal_78 - Posts: 551 - Status: Member - 38

Remove it and reinstall it, but normally the installation goes through without a problem.
0
loic
 
Here is the report:

Thu Sep 11 18:15:19 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.

Thu Sep 11 18:42:48 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Sep 11 18:43:03 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Sep 11 18:47:55 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Sep 11 18:47:58 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Sep 11 18:52:30 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr

Thu Sep 11 18:52:34 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Microsoft Works\WKFUD.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 8659
Nº Total de Ficheros: 75167
Nº de Ficheros Analizados: 12860
Nº de Ficheros Infectados: 103
Nº de Ficheros Limpiados: 103
0
loic
 
Here it is:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2

11/09/2008 21:32:41
mbam-log-2008-09-11 (21-32-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 119429
Temps écoulé: 1 hour(s), 44 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 203

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hervé\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\40084332.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185524.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\814906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\823796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\826781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\833203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\837796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\838593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\839421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\845515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\851375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\858781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\859015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\860781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\869375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\871062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\873078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\874937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\885000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\892531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\893156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\917890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\921343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\926843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\940156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\942187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\955375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\957796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\958109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\959093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\961812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\963359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\964078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\985187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\986781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\989515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\993078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\995890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\997203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a scan system and save log file

- Notepad will open; copy and paste its entire contents here in your next reply.
0
loic
 
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:08, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran40perso.IEPlugIn - {397B3223-7D10-11D6-ABC6-00B0D094B576} - C:\Program Files\Systran\4_0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9F4AA2-1E80-4E21-8C91-8E3B8F1EF84B}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: wmmres32 - C:\WINDOWS\SYSTEM32\wmmres32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing)
O24 - Desktop Component 0: (no name) - http://perso.orange.fr/scl/images/CDAmourAnarchie1.jpg
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
0
loic
 
Here it is:
ComboFix 08-09-10.04 - Hervé 2008-09-11 22:28:32.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.96 [GMT 2:00]
Endroit: C:\Program Files\Programmes téléchargés\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\config\49472178.Evt
C:\WINDOWS\system32\dao350.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_NPF
-------\Legacy_SROSA
-------\Service_asc3550p

((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.

2008-09-11 22:15 . 2008-09-11 22:15 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 19:37 . 2008-09-11 19:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 19:37 . 2008-09-11 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-11 19:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 19:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 16:37 . 2008-09-09 17:50 <REP> d-------- C:\Program Files\splus
2008-09-07 16:37 . 2005-10-17 18:13 447,488 --a------ C:\WINDOWS\system32\splus.cpl
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\TechSmith
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-09-07 16:35 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-09-07 16:28 . 2008-09-07 16:30 <REP> d-------- C:\Program Files\camtasia studio v3.0.2
2008-09-07 16:09 . 2008-09-07 16:09 <REP> d-------- C:\Program Files\Alwil Software
2008-08-19 17:44 . 2008-08-19 17:45 <REP> d-------- C:\Program Files\Philips
2008-08-19 17:44 . 2008-01-14 16:58 19,840 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-08-14 17:19 . 2005-05-05 10:59 9,918,872 --a------ C:\WINDOWS\wmsetup.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,416,944 --a------ C:\WINDOWS\wmwinxp.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,186,032 --a------ C:\WINDOWS\wm2000.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 20:37 --------- d-----w C:\Program Files\Wanadoo
2008-09-11 20:25 --------- d-----w C:\Program Files\Programmes téléchargés
2008-09-11 16:56 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 18:03 --------- d-----w C:\Program Files\eMule
2008-09-07 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-09-07 08:52 --------- d-----w C:\Program Files\CamStudio
2008-09-07 08:33 --------- d-----w C:\Program Files\HyCam2
2008-08-19 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 16:50 --------- d-----w C:\Program Files\TubeMaster
2008-08-09 09:44 --------- d-----w C:\Program Files\IVCsoft
2008-08-09 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-08-05 14:46 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="00" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-10-05 331830]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 28738]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-31 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 44544]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="atiptaxx.exe" [2002-07-04 ATI\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmmres32]
2004-09-07 13:04 12288 C:\WINDOWS\system32\wmmres32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.LM20"= lm20.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8112:TCP"= 8112:TCP:messenger
"3658:TCP"= 3658:TCP:messenger

R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-11-30 2368]
S2 wmmres32;Windows Movie Maker;rundll32.exe C:\WINDOWS\system32\wmmres32.dll,ocib [ ]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4399870e-a41f-11dc-8f4f-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdb3df1-6e05-11dd-9080-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5859fe4-8f7c-11db-8dad-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WorksFUD - C:\Program Files\Microsoft Works\wkfud.exe
HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Hervé\Application Data\Mozilla\Firefox\Profiles\0taqxaia.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 22:38:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 22:49:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 20:49:02

Pre-Run: 23,276,920,832 octets libres
Post-Run: 23,270,830,080 octets libres

181 --- E O F --- 2008-01-04 19:14:31
0
loic
 
Thanks for all this information; is it all good now, am I saved?
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
- Download RavAntivirus by Evosla to your desktop:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

- Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them before running the fix

- Right-click the rav.zip file, then "Extraire Ici" (Extract Here).

- Double-click "rav.exe" to run the fix.

- Let the program work: it automatically scans all drives (fixed and removable)

- If infections are found, a report will be generated: please post it in your next reply.

- Then: remove your removable drives and restart the PC.
0
loic
 
Is it normal for the scan to take so long?
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
Did it find anything?
0
loic
 
At the very beginning it found g:\autroun.inf and g\:nideiect.com; it deleted them successfully; and since then I get the message that the computer is clean, and the blue bar keeps moving back and forth as if it were still searching
0
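The ComboFix report above lists `\Shell\AutoRun\command`, `\Shell\explore\Command` and `\Shell\open\Command` entries under several MountPoints2 keys, all pointing to F:\nideiect.com, the file name the removable-drive scan later reported. As an added example (not part of the thread and not code from any of the tools used in it), this Python script extracts those entries from a ComboFix-style report and flags volumes whose open/explore verbs launch a program; the function names, the flagging heuristic and the second, constructed volume in the sample are assumptions.

```python
import re
from collections import defaultdict

# Excerpt in ComboFix report layout. The first MountPoints2 key is copied from
# the report in this thread; the Run key line and the all-zero volume are
# constructed here for contrast.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - D:\setup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
MOUNT_RE = re.compile(r"\\mountpoints2\\(?P<volume>[^\\]+)$", re.IGNORECASE)
CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE
)
# Path of the program a command line starts, if it ends in a launchable extension.
PROGRAM_RE = re.compile(
    r'^"?(?P<path>.+?\.(?:exe|com|bat|cmd|pif|scr|vbs))(?=["\s]|$)', re.IGNORECASE
)
# Assumed heuristic: a volume that redefines what "open" or "explore" does makes
# a plain double-click on the drive start a program, which an installer disc
# that only registers an AutoRun command does not do.
HIJACKED_VERBS = {"open", "explore"}


def parse_mountpoints2(report):
    """Return {volume_id: {verb: target}} for every MountPoints2 key found."""
    volumes = defaultdict(dict)
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            mount = MOUNT_RE.search(key.group("key"))
            current = mount.group("volume") if mount else None
            continue
        if current is None:
            continue  # line belongs to some other registry key
        cmd = CMD_RE.match(line)
        if cmd:
            volumes[current][cmd.group("verb").lower()] = cmd.group("target").strip()
    return dict(volumes)


def launched_program(target):
    """Return the program path a shell command starts, or None."""
    match = PROGRAM_RE.match(target.strip())
    return match.group("path") if match else None


def triage(volumes):
    """List volumes whose open/explore verbs start a program."""
    findings = []
    for volume, verbs in sorted(volumes.items()):
        hits = {
            verb: launched_program(target)
            for verb, target in verbs.items()
            if verb in HIJACKED_VERBS and launched_program(target)
        }
        if hits:
            findings.append(
                {
                    "volume": volume,
                    "verbs": sorted(hits),
                    "targets": sorted(set(hits.values())),
                }
            )
    return findings


if __name__ == "__main__":
    for finding in triage(parse_mountpoints2(SAMPLE_REPORT)):
        print(
            f"{finding['volume']}: {', '.join(finding['verbs'])} "
            f"-> {', '.join(finding['targets'])}"
        )
```

A flagged volume ID identifies a removable volume to include in the next scan; the registry entries themselves are cleaned by the removal tool, not by this script.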