
Posted (edited)

Hello,

For some time now, every 10 minutes, Avast has been showing me a pop-up that reads:

Agent réseau Avast a bloqué une menace

Objet : 78.158.165:135/tcp

Infection : DCOM eXPLOIT

Action bloqué

It is great that Avast is effective in this situation, but the repetition of this kind of message, besides the worry that Avast might let one through, quickly becomes very annoying.

Please share your experience and the solutions you applied.

Edited by bellouss

Posted

Hello,

No configuration provided, neither in your profile nor in your initial post...

Where is the HijackThis log that would let us see what system you have?

You will admit one would have to be a mind reader to be able to suggest solutions.

However, I suspect that Windows and/or some applications are behind on updates...

Download HijackThisV2 into a new folder created on C:\ and name it HJT.

  • Double-click HJTInstall.exe and follow the installation instructions.
    --> On VISTA: right-click / run as administrator
  • You will find a tutorial for installing it and generating a report here
  • Launch it, accept the warning message, then click Do a system scan and save a logfile.
  • At the end of the scan, Notepad will open. Copy and paste all of its contents here in a reply.
  • Post the generated report on the forum.

@++

Posted

Thank you APPOLLO for looking into my case, and sorry for the ignorance of my post.

As requested, I am putting below the Notepad output obtained with HIJACK.

Once again, thank you for helping a complete novice.

OOPS, forgot to include the Notepad output!!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:05:29, on 03/03/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Users\Patrick\AppData\Local\Temp\cisvc.exe

C:\Program Files (x86)\NoBrand\Wireless Network Manager\Monitor.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Users\Patrick\AppData\Local\Temp\~temp\mlp220\mdm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...954805ug9i14331

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nixud.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...954805ug9i14331

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...954805ug9i14331

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll

F3 - REG:win.ini: load=C:\Users\Patrick\AppData\Local\Temp\cisvc.exe

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll

O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKCU\..\Run: [drvsyskit] C:\Users\Patrick\AppData\Roaming\drivers\winupgro.exe

O4 - HKLM\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [sessMgr] C:\Windows\System32\drivers\sessmgr.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System32\drivers\cisvc.exe /waitservice (User 'Système')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System32\drivers\cisvc.exe /waitservice (User 'Default user')

O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Wireless Network Manager.lnk = C:\Program Files (x86)\NoBrand\Wireless Network Manager\Monitor.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: UH_DLL.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11711 bytes

Posted

Re,

Ouch, a 64-bit system. I am afraid I won't be of much help to you because I know this system far too poorly, as I am still on XP; moreover, very, very few disinfection tools are compatible.

We will still do our best to disinfect what needs to be and, above all, to better secure this machine which, protected by Avast, is like a Swiss cheese full of holes...

You are infected by Bagle, one of the worst viruses around at the moment.

Don't run an antivirus scan until you are asked to, because Bagle, in its latest versions, injects itself into legitimate zip files. The antivirus would then wipe them out...

Download FindyKill by El Desaparecido to your desktop:

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

! Disconnect and close all running applications !

Disable all resident protections (antivirus, firewall, antimalware...)

Double-click "FindyKill.exe" to start the installation and leave the installation settings at their defaults.

Plug your external data sources into your PC (USB stick, external hard drive, etc.)

Right-click the FindyKill shortcut on your desktop and choose "Run as administrator".

In the main menu choose option "F" for French and press [Enter].

In the second menu choose option "1" (search) and press [Enter].

Let the tool work and don't touch anything...

--> Post the report that appears at the end on the forum...

(the report is also saved as C:\FindyKill.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

@++
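Added example, not part of the original posts: a short Python triage script that scans HijackThis log lines, such as those posted earlier in this thread, for processes and autostart entries that launch from user-writable folders or that place an .exe in System32\drivers. The two heuristics and all function names are assumptions chosen for illustration; they are not the helper's method or a HijackThis feature.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of the HijackThis log posted in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Patrick\AppData\Local\Temp\cisvc.exe
C:\Users\Patrick\AppData\Local\Temp\~temp\mlp220\mdm.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
F3 - REG:win.ini: load=C:\Users\Patrick\AppData\Local\Temp\cisvc.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [drvsyskit] C:\Users\Patrick\AppData\Roaming\drivers\winupgro.exe
O4 - HKLM\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code (F3, O4, ...) or "process"
    path: str      # executable path extracted from the line
    reason: str    # which heuristic matched


# First drive-letter path on the line, up to the first .exe/.dll/.scr.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr)\b', re.IGNORECASE)
# HijackThis entry lines start with a section code such as "O4 - ".
SECTION_RE = re.compile(r'^([A-Z]\d{1,2}) - ')


def classify(path: str) -> Optional[str]:
    """Return the reason a path looks suspicious, or None (assumed heuristics)."""
    p = path.lower()
    if '\\appdata\\' in p or '\\temp\\' in p:
        return "runs from a user-writable folder"
    if '\\system32\\drivers\\' in p and p.endswith('.exe'):
        return ".exe inside System32\\drivers (normally holds .sys drivers)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PATH_RE.search(line)
        if not match:
            continue  # headers, entries without an absolute path, blanks
        sec = SECTION_RE.match(line)
        section = sec.group(1) if sec else "process"
        reason = classify(match.group(0))
        if reason:
            findings.append(Finding(section, match.group(0), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}\n    -> {f.reason}")
```

A match only marks an entry for review; a legitimate installer or updater can also run from a Temp or AppData folder.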

Posted

Re as well

 

 

############################## | FindyKill V5.037 |

 

# User : Patrick (Administrateurs) # PATRICK-PC

# Update on 18/02/2010 by El Desaparecido

# Start at: 16:43:26 | 03/03/2010

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Pentium® Dual-Core CPU E5400 @ 2.70GHz

# Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #

# Internet Explorer 8.0.7600.16385

# Windows Firewall Status : Enabled

 

# C:\ # Disque fixe local # 459,45 Go (406,73 Go free) [Acer] # NTFS

# D:\ # Disque fixe local # 459,96 Go (384,64 Go free) [DATA] # NTFS

# E:\ # Disque CD-ROM

# F:\ # Disque amovible

# G:\ # Disque amovible

# H:\ # Disque amovible

# I:\ # Disque amovible

# J:\ # Disque amovible

# K:\ # Disque amovible # 3,72 Go (1,86 Go free) [KINGSTON] # FAT32

# L:\ # Disque amovible

 

############################## | Processus actifs |

 

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Users\Patrick\AppData\Local\Temp\cisvc.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Program Files (x86)\NoBrand\Wireless Network Manager\Monitor.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

 

################## | C: |

 

 

################## | C:\Windows |

 

 

################## | C:\Windows\Prefetch |

 

 

################## | C:\Windows\system32 |

 

 

################## | C:\Windows\system32\drivers |

 

 

################## | C:\Users\Patrick\AppData\Roaming |

 

C:\Users\Patrick\AppData\Roaming\drivers

C:\Users\Patrick\AppData\Roaming\drivers\downld


C:\Users\Patrick\AppData\Roaming\drivers\downld\29125355.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29125714.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29126088.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29126509.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29127055.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29127601.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29128147.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29128693.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29129286.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29129473.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29129629.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29129785.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29129957.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29130222.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29130487.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29130971.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29131439.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29132250.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29133093.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29133217.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29133373.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29133561.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29133779.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29134590.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29135433.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29135651.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29135932.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29136119.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29136322.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29136478.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29136681.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29137071.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29138662.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29139535.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29140144.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29140331.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29140534.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29140659.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29140815.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29142016.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29143233.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29144044.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29144855.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29145417.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29146041.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29146509.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29147024.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29147180.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29147351.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29147523.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29147694.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29147850.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29148006.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29148084.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29148209.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29148365.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29148552.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29150658.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29152078.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29152530.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29152983.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29153342.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29153716.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29154012.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29155058.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29155229.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29155432.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29157101.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29157756.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29158068.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29158396.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29160159.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29161906.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29162312.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29162733.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29162811.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29162936.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29163372.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29163840.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29163981.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29164137.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29164262.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29164433.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29164605.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29164808.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29164979.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29165166.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\29165354.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\31059.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\31371.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\32931.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\33540.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\33836.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\38657.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\38797.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\38937.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\39109.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\39265.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\39421.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\39593.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\40139.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\40669.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\40856.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\41075.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\41714.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\42338.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\42915.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\43493.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\43680.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\43867.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\44023.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\44195.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\45255.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\46269.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\46488.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\46769.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\46893.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\47034.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\47393.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\47783.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\47939.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\48110.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\48266.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\48438.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\50076.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\51464.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\51620.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\51792.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\52166.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\52572.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\53227.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\53851.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\54163.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\54444.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\54600.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\54771.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\55083.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\55427.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\56331.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\57283.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\57455.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\57611.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\57829.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\58328.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\58531.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\58703.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\58874.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\59093.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\59451.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\59841.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\60200.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\60559.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\60762.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\61058.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\62057.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\62790.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\62962.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\63164.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\63336.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\63539.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\63710.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\63866.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\64022.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\64178.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\64381.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\64568.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\64818.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\65068.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\65411.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\65770.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\66175.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\66581.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\67205.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\67829.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\68390.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\68983.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\69139.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\69295.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\69420.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\69592.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\69872.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\70122.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\70621.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\70964.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\71869.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\72774.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\72914.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\73055.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\73242.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\73445.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\74334.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\75254.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\75473.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\75707.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\75910.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\76112.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\76268.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\76456.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\76830.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\77298.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\78000.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\78577.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\78780.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\78967.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\79123.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\79279.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\80465.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\81666.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\82462.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\83288.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\83866.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\84536.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\85020.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\85535.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\85691.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\85847.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86003.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86190.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86362.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86533.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86642.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86767.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\86939.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\87126.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\89216.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\90652.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\91088.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\91556.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\91759.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\91993.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\92290.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\93350.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\93522.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\93725.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\94489.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\95160.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\95472.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\95800.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\97266.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\98686.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\99091.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\99513.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\99653.exe

C:\Users\Patrick\AppData\Roaming\drivers\downld\99762.exe

 

################## | Temporary Internet Files |

 

 

################## | Registre |

 

[HKCU\Software\bisoft]

[HKCU\Software\WS4001]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"

[HKU\S-1-5-21-4199621017-2111603838-94147625-1000\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"

[HKU\S-1-5-21-4199621017-2111603838-94147625-1000\Software\bisoft]

[HKCU\Software\Local AppWizard-Generated Applications\keygen]

[HKCU\Software\Local AppWizard-Generated Applications\winupgro]

[HKU\S-1-5-21-4199621017-2111603838-94147625-1000\Software\Local AppWizard-Generated Applications\keygen]

[HKU\S-1-5-21-4199621017-2111603838-94147625-1000\Software\Local AppWizard-Generated Applications\winupgro]

 

################## | Etat |

 

# Affichage des fichiers cachés : OK

 

# Mode sans echec : OK

 

# (!) Uac = 0x0

 

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )

# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )

# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )

# (!) windefend -> Start = 4 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

 

################## | ! Fin du rapport # FindyKill V5.037 ! |
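
The "Etat" section of the report above compares each service's Start value with the tool's own Good and Bad values. As an added example (not part of the thread and not FindyKill's code), this Python sketch parses those lines and lists what is out of its expected state; the regular expressions assume the line format shown in this report, and the reading of `Uac = 0x0` as "UAC off" is an assumption.

```python
import re

# "Etat" lines as they appear in the FindyKill report above (sample input).
REPORT_STATE = """\
# Mode sans echec : OK
# (!) Uac = 0x0
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) windefend -> Start = 4 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
"""

# Standard meaning of the Windows service "Start" registry value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

SERVICE_RE = re.compile(
    r"^#\s*(?P<flag>\(!\)\s*)?(?P<name>\w+)\s*->\s*Start\s*=\s*(?P<start>\d+)"
    r"\s*\(\s*Good\s*=\s*(?P<good>\d+)\s*\|\s*Bad\s*=\s*(?P<bad>\d+)\s*\)\s*$"
)
UAC_RE = re.compile(r"^#\s*(?P<flag>\(!\)\s*)?Uac\s*=\s*(?P<value>0x[0-9A-Fa-f]+)\s*$")


def parse_state(report):
    """Return one finding per service/UAC line; other lines are skipped."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, good, bad = (int(m[k]) for k in ("start", "good", "bad"))
            if start == good:
                status = "ok"
            elif start == bad:
                status = "bad"
            else:
                status = "changed"  # neither the tool's Good nor its Bad value
            findings.append({
                "name": m["name"],
                "status": status,
                "start": START_TYPES.get(start, str(start)),
                "expected": START_TYPES.get(good, str(good)),
                "flagged_by_tool": m["flag"] is not None,
            })
            continue
        m = UAC_RE.match(line)
        if m:
            # Assumption: 0x0 means UAC is switched off, as the "(!)" suggests.
            value = int(m["value"], 16)
            findings.append({
                "name": "Uac",
                "status": "bad" if value == 0 else "ok",
                "start": hex(value),
                "expected": "non-zero",
                "flagged_by_tool": m["flag"] is not None,
            })
    return findings


def needs_attention(findings):
    """Names of entries that are not in their expected state, in report order."""
    return [f["name"] for f in findings if f["status"] != "ok"]


if __name__ == "__main__":
    for f in parse_state(REPORT_STATE):
        print(f"{f['name']:<14}{f['status']:<9}{f['start']} (expected {f['expected']})")
```

On this report the tool's `(!)` marker lines up with Start equal to the Bad value, so EapHost (manual instead of automatic) is reported as changed without being flagged.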

Posted

OK,

Option 2 of the tool will most likely restart the PC; if Avast raises alerts, ignore them all so as not to risk removing legitimate items that may have been affected by this pest. Turn off the resident shields again if Avast has survived Bagle...

/!\ Disconnect and close all running applications (browser included).

Plug your external data sources into your PC (USB stick, external hard drive, etc.).

Right-click the FindyKill shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option "F" for French and press [Enter].

At the second menu, choose option 2 (removal) and press [Enter].

The PC will restart automatically...

The program will do its work; do not touch anything. Your desktop will not be accessible, which is normal!

--> Post the report that appears at the end (the report is also saved as C:\FindyKill.txt).

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm.

@++

Posted

So I tried to do what you said:

right-click on the FindyKill shortcut

"Run as administrator".

"F" [Enter].

option 2 [Enter]

everything ran normally, except that the process does not stop and hangs on:

 

ZIP : C:\Program files (x86)\OpenOffice.org 3\Basis\Share\Cinfig\images.zip

 

with a small blinking horizontal line

I left it for 30 minutes

So I stopped it, and the only report I can find is the FyK text document, which I include below:

 

############################## | FindyKill V5.037 |

 

# User : Patrick (Administrateurs) # PATRICK-PC

# Update on 18/02/2010 by El Desaparecido

# Start at: 17:34:18 | 03/03/2010

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Pentium® Dual-Core CPU E5400 @ 2.70GHz

# Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #

# Internet Explorer 8.0.7600.16385

# Windows Firewall Status : Enabled

 

# C:\ # Disque fixe local # 459,45 Go (406,74 Go free) [Acer] # NTFS

# D:\ # Disque fixe local # 459,96 Go (384,64 Go free) [DATA] # NTFS

# E:\ # Disque CD-ROM

# F:\ # Disque amovible

# G:\ # Disque amovible

# H:\ # Disque amovible

# I:\ # Disque amovible

# J:\ # Disque amovible

# K:\ # Disque amovible # 3,72 Go (1,86 Go free) [KINGSTON] # FAT32

# L:\ # Disque amovible

 

############################## | Processus actifs |

 

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\SysWOW64\runonce.exe

C:\Program Files\Alwil Software\Avast5\setup\avast.setup

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

 

################## | C: |

 

 

################## | C:\Windows |

 

 

################## | C:\Windows\Prefetch |

 

 

################## | C:\Windows\system32 |

 

 

################## | C:\Windows\system32\drivers |

 

 

################## | C:\Users\Patrick\AppData\Roaming |

 

 

################## | MD5 ... |

 

 

################## | CRC32 ... |

Posted

Ouch, that is what I was rather afraid of.

We will try something else, but if FindyKill still does not work after this step, I will have to call in an expert for help.

Download Zip_Scan (by Eric_71) from the following link and save it to your desktop:

http://eric71.geekstogo.com/beta/ZSc.exe

  • Launch the ZSc.exe tool by double-clicking it and allow it to run.
  • Now click the "Scan" button at the bottom left.
  • Zip_Scan will now search for infected .zip files specific to this infection.
  • When the scan is complete, a report will appear on screen; this report is also saved on your desktop (scan.txt).
  • Copy and paste the full contents of this report here, in your reply.
  • You must now close the tool by clicking the "Exit" button at the bottom right.
  • Above all, do not click "Disinfect" before being told to, in case a false positive was detected during the scan.

Posted

The report will be quick:

 

 

-- Report --

.

.

-- EOF --

 

I promise this is the complete copy (joking!!)

However, I noticed that it paused for a long time on:

 

C+:\Program files (x86)\Open Office.org 3\Basis\Share\config

 

That's all

Posted

Good (if I dare say so).

Try running option 2 of FindyKill again in safe mode.

To run scans in safe mode, proceed as follows: http://www.vista-xp.fr/forum/topic93.html

Would it cause you a lot of trouble to uninstall Open Office and reinstall it later? Especially since you do not seem to have the very latest version (currently 3.2).

@++
