Virus Persistant
Fermé
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
-
7 avril 2009 à 12:32
Utilisateur anonyme - 17 avril 2009 à 09:30
Utilisateur anonyme - 17 avril 2009 à 09:30
A voir également:
- Virus Persistant
- Svchost.exe virus - Guide
- Youtu.be virus - Guide
- Faux message virus ordinateur - Guide
- Tinyurl.com virus - Forum Virus
- Faux message virus iphone - Forum iPhone
60 réponses
Utilisateur anonyme
8 avril 2009 à 22:10
8 avril 2009 à 22:10
Re !
Ben, pour tes vacances, profite bien !! ;))
Sinon, pour le pc, c'est pas bon du tout. Bref, une infection que l'on ne peut pas supprimer sans Combofix apparemment.
Avec l'aide d'un autre helper (oui, sans que tu le saches, on était deux sur ton cas) il apparait que la solution la plus simple reste le formatage. Je déteste en arriver là, mais malheureusement, cela arrive parfois. La 64bits de Vista empêche Combofix de fonctionner et il semble que cela restera ainsi. OtMoveIt ne trouve pas ce que l'on veut supprimer (malgré une petite erreur de script de ma part...).
Voilà, désolé.
++
Ben, pour tes vacances, profite bien !! ;))
Sinon, pour le pc, c'est pas bon du tout. Bref, une infection que l'on ne peut pas supprimer sans Combofix apparemment.
Avec l'aide d'un autre helper (oui, sans que tu le saches, on était deux sur ton cas) il apparait que la solution la plus simple reste le formatage. Je déteste en arriver là, mais malheureusement, cela arrive parfois. La 64bits de Vista empêche Combofix de fonctionner et il semble que cela restera ainsi. OtMoveIt ne trouve pas ce que l'on veut supprimer (malgré une petite erreur de script de ma part...).
Voilà, désolé.
++
mino262
Messages postés
767
Date d'inscription
vendredi 30 mai 2008
Statut
Membre
Dernière intervention
29 août 2011
103
7 avril 2009 à 12:35
7 avril 2009 à 12:35
... =S
jai eu EXACTEMENT la même merde ...
je t'avou que j'ai désespérer et j'ai fini par formater !!
si tu as plusieurs partition sur ton disque ... tu ne perdras pas tout ...
BONNE CHANCE
jai eu EXACTEMENT la même merde ...
je t'avou que j'ai désespérer et j'ai fini par formater !!
si tu as plusieurs partition sur ton disque ... tu ne perdras pas tout ...
BONNE CHANCE
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 12:44
7 avril 2009 à 12:44
Partitioner, au risque que le virus se propage ? :s
mino262
Messages postés
767
Date d'inscription
vendredi 30 mai 2008
Statut
Membre
Dernière intervention
29 août 2011
103
7 avril 2009 à 12:46
7 avril 2009 à 12:46
mais tu n'aura pas de message du genre "impossible de supprimer tatata ... "
si le virus est sous ta partition ou il n'y a pas l'OS,
donc au pire ... tu perd quelques fichier ...
c'est mieu que de tout perdre =P
si le virus est sous ta partition ou il n'y a pas l'OS,
donc au pire ... tu perd quelques fichier ...
c'est mieu que de tout perdre =P
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 12:59
7 avril 2009 à 12:59
Oui ^^
Mais de toute façon, j'ai une DD de 250 que je vais formater d'ici peu qui pourrait me servir de stockage...
Mais je voudrais éviter tout ça ^^'
Mais de toute façon, j'ai une DD de 250 que je vais formater d'ici peu qui pourrait me servir de stockage...
Mais je voudrais éviter tout ça ^^'
mino262
Messages postés
767
Date d'inscription
vendredi 30 mai 2008
Statut
Membre
Dernière intervention
29 août 2011
103
7 avril 2009 à 13:02
7 avril 2009 à 13:02
alors je peut pas t'aider ... il bloque tout, j'ai essayer plusieur antivirus,rien a faire
et au bout d'un ptit temps, tu ne pourra même plus ouvrir un logiciel ...
si tu n'en n'est pas deja arriver la ...
et au bout d'un ptit temps, tu ne pourra même plus ouvrir un logiciel ...
si tu n'en n'est pas deja arriver la ...
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 13:06
7 avril 2009 à 13:06
Nan mais la ça fait une semaine que je marche tranquillou... CCleaner, Kaspersky et tout le tralala marche bien, mais bon chu pas tranquille de tourner avec un virus sur ma machine ><
mino262
Messages postés
767
Date d'inscription
vendredi 30 mai 2008
Statut
Membre
Dernière intervention
29 août 2011
103
7 avril 2009 à 13:11
7 avril 2009 à 13:11
et en réinstallant avast ??
quand tu redemarre ton ordi, et qu'il fait une vérification totale,
c'est la qu'il supprime tout ...
quand tu redemarre ton ordi, et qu'il fait une vérification totale,
c'est la qu'il supprime tout ...
Utilisateur anonyme
7 avril 2009 à 13:15
7 avril 2009 à 13:15
Salut _Pho_
Fais ceci stp:
Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Double-clique sur RSIT.exe.
Clique sur Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
A noter: Les rapports se trouvent également ici: C:\rsit.
++
Fais ceci stp:
Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Double-clique sur RSIT.exe.
Clique sur Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
A noter: Les rapports se trouvent également ici: C:\rsit.
++
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 14:18
7 avril 2009 à 14:18
@mino262 : Mon antivirus est déjà censé avoir tout supprimé ^^
Concernant Avast, c'est la que tu vois la différence entre un Freeware et logiciel payant, avast n'a rien trouvé, Kaspersky a trouvé lui ^^.
@ric025 : Merci pour votre aide.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Manu at 2009-04-07 14:06:07
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 219 GB (46%) free of 477 GB
Total RAM: 3070 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:15, on 07/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\FrapsII\fraps.exe
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Users\Manu\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Manu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 94.23.49.62 L2authd.lineage2.com
O1 - Hosts: 94.23.49.62 L2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Windows\System\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF55286-B0A2-46C5-B440-C5CBCFD100F2}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Concernant Avast, c'est la que tu vois la différence entre un Freeware et logiciel payant, avast n'a rien trouvé, Kaspersky a trouvé lui ^^.
@ric025 : Merci pour votre aide.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Manu at 2009-04-07 14:06:07
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 219 GB (46%) free of 477 GB
Total RAM: 3070 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:15, on 07/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\FrapsII\fraps.exe
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Users\Manu\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Manu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 94.23.49.62 L2authd.lineage2.com
O1 - Hosts: 94.23.49.62 L2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Windows\System\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF55286-B0A2-46C5-B440-C5CBCFD100F2}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 14:25
7 avril 2009 à 14:25
@ric025 :
Info.txt
info.txt logfile of random's system information tool 1.06 2009-04-07 14:06:18
======Uninstall list======
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\Windows\SysWOW64\Attansic\L1\atcInst.dll,VisUninst C:\Windows\SysWOW64\Attansic\L1 x64 pci\ven_1969&dev_1048
BBE Sonic Maximizer 2.0 Full-->MsiExec.exe /I{D799CA10-F7D5-46FF-97D7-06195C9EDA70}
CamStudio 2.0 Fr-->"C:\Program Files (x86)\CamStudio\unins000.exe"
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files (x86)\eMule\Uninstall.exe"
EZXClaustrophobic-->MsiExec.exe /I{8094F7AE-CA21-4AF2-A256-BC918CE0E796}
EZXCocktail-->MsiExec.exe /I{147567F0-8575-4BE0-B5B3-62706C67FA5A}
EZXNashville-->MsiExec.exe /I{82DF9225-13EC-41BD-BE31-AAB121B38166}
EZXPercussion-->MsiExec.exe /I{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}
EZXVintage-->MsiExec.exe /I{430399DC-98BC-4A7F-8F8E-77981CABAE05}
Fraps (remove only)-->"C:\FrapsII\uninstall.exe"
GForce - Minimonsta-->C:\Windows\unvise32.exe c:\program files (x86)\steinberg\vstplugins\GForce\Minimonsta\uninstal.log
GIMP 2.6.6-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files (x86)\HyCam2\UnHyCam2.exe"
IsoBuster 2.0-->"C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
LimeWire PRO 4.12.6-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270}
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Picasa 2-->"C:\Program Files (x86)\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Safari-->MsiExec.exe /X{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sony Vegas Movie Studio 8.0-->MsiExec.exe /X{62892E81-E6D4-4550-AA61-183839FEF370}
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinZip-->"C:\Program Files (x86)\WinZip\WINZIP32.EXE" /uninstall
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~2\Yahoo!\Common\unyt.exe
======Hosts File======
127.0.0.1 localhost
94.23.49.62 L2authd.lineage2.com
94.23.49.62 L2testauthd.lineage2.com
216.107.250.194 nProtect.lineage2.com
======Security center information======
AV: Kaspersky Anti-Virus
AS: Windows Defender (disabled)
AS: Kaspersky Anti-Virus
======System event log======
Computer Name: PC-de-Manu
Event Code: 3033
Message: Le redirecteur n'a pas pu enregistrer l'adresse pour le transport NetBT_Tcpip_{EDF55286-B0A2-46C5-B440-C5CBCFD100F2} pour la raison suivante : Vous n’étiez pas connecté car il y avait un nom en double sur le réseau. Si vous joignez un domaine, ouvrez le Panneau de configuration Système et modifiez le nom de l’ordinateur, puis réessayez. Si vous joignez un groupe de travail, choisissez un autre nom pour ce groupe.. Le transport a été déconnecté.
Record Number: 49353
Source Name: mrxsmb
Time Written: 20090407111053.745456-000
Event Type: Avertissement
User:
Computer Name: PC-de-Manu
Event Code: 4321
Message: Le nom "PC-DE-MANU :0" n'a pas pu être enregistré sur l'interface avec l'adresse IP 192.168.1.24. L'ordinateur avec l'adresse IP 192.168.1.72 n'a pas permis que le nom soit réclamé par cet ordinateur.
Record Number: 49354
Source Name: netbt
Time Written: 20090407111053.773456-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 2505
Message: Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{EDF55286-B0A2-46C5-B440-C5CBCFD100F2} car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.
Record Number: 49355
Source Name: Server
Time Written: 20090407111056.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 4321
Message: Le nom "PC-DE-MANU :20" n'a pas pu être enregistré sur l'interface avec l'adresse IP 192.168.1.24. L'ordinateur avec l'adresse IP 192.168.1.72 n'a pas permis que le nom soit réclamé par cet ordinateur.
Record Number: 49356
Source Name: netbt
Time Written: 20090407111056.763456-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
KLIM6
Record Number: 49419
Source Name: Service Control Manager
Time Written: 20090407111111.000000-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: PC-de-Manu
Event Code: 1002
Message: Le programme DivX Player.exe version 7.1.0.74 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 25c Heure de début : 01c9b718419d8470 Heure de fin : 68
Record Number: 3232
Source Name: Application Hang
Time Written: 20090407003333.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\036.PART.MET> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3233
Source Name: Microsoft-Windows-Search
Time Written: 20090407003414.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\036.PART.MET> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3234
Source Name: Microsoft-Windows-Search
Time Written: 20090407003414.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\013.PART.MET.BACKUP> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3236
Source Name: Microsoft-Windows-Search
Time Written: 20090407003419.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\033.PART.MET.BACKUP> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3340
Source Name: Microsoft-Windows-Search
Time Written: 20090407120410.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Manu
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MANU$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x288
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 11662
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115746.130056-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MANU$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x288
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 11663
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115746.130056-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 11664
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115746.130056-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 5
Record Number: 11665
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115929.112056-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 5
Record Number: 11666
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407120129.380056-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Info.txt
info.txt logfile of random's system information tool 1.06 2009-04-07 14:06:18
======Uninstall list======
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\Windows\SysWOW64\Attansic\L1\atcInst.dll,VisUninst C:\Windows\SysWOW64\Attansic\L1 x64 pci\ven_1969&dev_1048
BBE Sonic Maximizer 2.0 Full-->MsiExec.exe /I{D799CA10-F7D5-46FF-97D7-06195C9EDA70}
CamStudio 2.0 Fr-->"C:\Program Files (x86)\CamStudio\unins000.exe"
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files (x86)\eMule\Uninstall.exe"
EZXClaustrophobic-->MsiExec.exe /I{8094F7AE-CA21-4AF2-A256-BC918CE0E796}
EZXCocktail-->MsiExec.exe /I{147567F0-8575-4BE0-B5B3-62706C67FA5A}
EZXNashville-->MsiExec.exe /I{82DF9225-13EC-41BD-BE31-AAB121B38166}
EZXPercussion-->MsiExec.exe /I{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}
EZXVintage-->MsiExec.exe /I{430399DC-98BC-4A7F-8F8E-77981CABAE05}
Fraps (remove only)-->"C:\FrapsII\uninstall.exe"
GForce - Minimonsta-->C:\Windows\unvise32.exe c:\program files (x86)\steinberg\vstplugins\GForce\Minimonsta\uninstal.log
GIMP 2.6.6-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files (x86)\HyCam2\UnHyCam2.exe"
IsoBuster 2.0-->"C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
LimeWire PRO 4.12.6-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270}
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Picasa 2-->"C:\Program Files (x86)\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Safari-->MsiExec.exe /X{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sony Vegas Movie Studio 8.0-->MsiExec.exe /X{62892E81-E6D4-4550-AA61-183839FEF370}
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinZip-->"C:\Program Files (x86)\WinZip\WINZIP32.EXE" /uninstall
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~2\Yahoo!\Common\unyt.exe
======Hosts File======
127.0.0.1 localhost
94.23.49.62 L2authd.lineage2.com
94.23.49.62 L2testauthd.lineage2.com
216.107.250.194 nProtect.lineage2.com
======Security center information======
AV: Kaspersky Anti-Virus
AS: Windows Defender (disabled)
AS: Kaspersky Anti-Virus
======System event log======
Computer Name: PC-de-Manu
Event Code: 3033
Message: Le redirecteur n'a pas pu enregistrer l'adresse pour le transport NetBT_Tcpip_{EDF55286-B0A2-46C5-B440-C5CBCFD100F2} pour la raison suivante : Vous n’étiez pas connecté car il y avait un nom en double sur le réseau. Si vous joignez un domaine, ouvrez le Panneau de configuration Système et modifiez le nom de l’ordinateur, puis réessayez. Si vous joignez un groupe de travail, choisissez un autre nom pour ce groupe.. Le transport a été déconnecté.
Record Number: 49353
Source Name: mrxsmb
Time Written: 20090407111053.745456-000
Event Type: Avertissement
User:
Computer Name: PC-de-Manu
Event Code: 4321
Message: Le nom "PC-DE-MANU :0" n'a pas pu être enregistré sur l'interface avec l'adresse IP 192.168.1.24. L'ordinateur avec l'adresse IP 192.168.1.72 n'a pas permis que le nom soit réclamé par cet ordinateur.
Record Number: 49354
Source Name: netbt
Time Written: 20090407111053.773456-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 2505
Message: Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{EDF55286-B0A2-46C5-B440-C5CBCFD100F2} car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.
Record Number: 49355
Source Name: Server
Time Written: 20090407111056.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 4321
Message: Le nom "PC-DE-MANU :20" n'a pas pu être enregistré sur l'interface avec l'adresse IP 192.168.1.24. L'ordinateur avec l'adresse IP 192.168.1.72 n'a pas permis que le nom soit réclamé par cet ordinateur.
Record Number: 49356
Source Name: netbt
Time Written: 20090407111056.763456-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
KLIM6
Record Number: 49419
Source Name: Service Control Manager
Time Written: 20090407111111.000000-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: PC-de-Manu
Event Code: 1002
Message: Le programme DivX Player.exe version 7.1.0.74 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 25c Heure de début : 01c9b718419d8470 Heure de fin : 68
Record Number: 3232
Source Name: Application Hang
Time Written: 20090407003333.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\036.PART.MET> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3233
Source Name: Microsoft-Windows-Search
Time Written: 20090407003414.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\036.PART.MET> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3234
Source Name: Microsoft-Windows-Search
Time Written: 20090407003414.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\013.PART.MET.BACKUP> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3236
Source Name: Microsoft-Windows-Search
Time Written: 20090407003419.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Manu
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\033.PART.MET.BACKUP> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 3340
Source Name: Microsoft-Windows-Search
Time Written: 20090407120410.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Manu
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MANU$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x288
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 11662
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115746.130056-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MANU$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x288
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 11663
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115746.130056-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 11664
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115746.130056-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 5
Record Number: 11665
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407115929.112056-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Manu
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 5
Record Number: 11666
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090407120129.380056-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Utilisateur anonyme
7 avril 2009 à 14:28
7 avril 2009 à 14:28
Ok !
Commence par ceci:
Télécharge Malwarebytes Anti-Malware (MBAM):
MBAM
Installe-le en vérifiant que la case de mise à jour soit bien cochée en fin d'installation.
Après la mise à jour, lance-le et coche "Examen Rapide". Puis "Rechercher".
Si MBAM trouve quelque chose: fais "Voir les résultats" puis "Supprimer la sélection".
Poste le rapport généré.
A++ ;)
Commence par ceci:
Télécharge Malwarebytes Anti-Malware (MBAM):
MBAM
Installe-le en vérifiant que la case de mise à jour soit bien cochée en fin d'installation.
Après la mise à jour, lance-le et coche "Examen Rapide". Puis "Rechercher".
Si MBAM trouve quelque chose: fais "Voir les résultats" puis "Supprimer la sélection".
Poste le rapport généré.
A++ ;)
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 14:34
7 avril 2009 à 14:34
L'analyse est en cours.
Apperement le virus est bien un Win 32, car lorsque le petit logiciel me fait l'analyse, ya Kaspersky qui vient me dire que je veut avoir acces a des fichiers contenant le virus.
EDIT : Analyse finie :
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1947
Windows 6.0.6001 Service Pack 1
07/04/2009 14:33:40
mbam-log-2009-04-07 (14-33-40).txt
Type de recherche: Examen rapide
Eléments examinés: 63071
Temps écoulé: 2 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstsc (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Windows\System32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Windows\System32\drivers\down\291004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Users\Manu\AppData\Roaming\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Apperement le virus est bien un Win 32, car lorsque le petit logiciel me fait l'analyse, ya Kaspersky qui vient me dire que je veut avoir acces a des fichiers contenant le virus.
EDIT : Analyse finie :
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1947
Windows 6.0.6001 Service Pack 1
07/04/2009 14:33:40
mbam-log-2009-04-07 (14-33-40).txt
Type de recherche: Examen rapide
Eléments examinés: 63071
Temps écoulé: 2 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstsc (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Windows\System32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Windows\System32\drivers\down\291004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Users\Manu\AppData\Roaming\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Utilisateur anonyme
7 avril 2009 à 14:39
7 avril 2009 à 14:39
Ok! Ré-ouvre MBAM, va sur "Quarantaine" et supprime tout.
========================================
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
==> Va dans "Démarrer" puis Panneau de configuration.
==> Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
==> Clique sur Continuer.
==> Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
==> Valide par OK et redémarre.
Telecharge maintenant Findykill, par Chiquitine29 sur ton bureau
Lance l'installation avec les paramètres par défaut
Fais un clic droit sur le raccourci FindyKill sur ton bureau
Choisis exécuter en tant qu'administrateur
Au menu principal, choisis l'option 1 (Recherche)
Poste le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
========================================
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
==> Va dans "Démarrer" puis Panneau de configuration.
==> Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
==> Clique sur Continuer.
==> Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
==> Valide par OK et redémarre.
Telecharge maintenant Findykill, par Chiquitine29 sur ton bureau
Lance l'installation avec les paramètres par défaut
Fais un clic droit sur le raccourci FindyKill sur ton bureau
Choisis exécuter en tant qu'administrateur
Au menu principal, choisis l'option 1 (Recherche)
Poste le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 14:54
7 avril 2009 à 14:54
############################## [ FindyKill V4.722 ]
# User : Manu (Administrateurs) # PC-DE-MANU
# Update on 04/04/09 by Chiquitine29
# Start at: 14:52:11 | 07/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 465,76 Go (220,41 Go free) # NTFS
# D:\ # Disque fixe local # 232,75 Go (130,47 Go free) # NTFS
# E:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\FrapsII\fraps.exe
C:\Windows\comrepl.exe
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
################## [ C:\Windows # C:\Windows\Prefetch ]
################## [ C:\Windows\System32... ]
################## [ C:\Users\Manu\AppData\Roaming ]
################## [ C:\Users\Manu...\Temp Files... ]
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\MuleAppData
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.722 ! ]
L'analyse a été tres courte :o
Je me demande si il a analysé le Disque C ou si il a analysé le D (Deuxieme disque dur avec XP dessus)
# User : Manu (Administrateurs) # PC-DE-MANU
# Update on 04/04/09 by Chiquitine29
# Start at: 14:52:11 | 07/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 465,76 Go (220,41 Go free) # NTFS
# D:\ # Disque fixe local # 232,75 Go (130,47 Go free) # NTFS
# E:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\FrapsII\fraps.exe
C:\Windows\comrepl.exe
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
################## [ C:\Windows # C:\Windows\Prefetch ]
################## [ C:\Windows\System32... ]
################## [ C:\Users\Manu\AppData\Roaming ]
################## [ C:\Users\Manu...\Temp Files... ]
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\MuleAppData
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.722 ! ]
L'analyse a été tres courte :o
Je me demande si il a analysé le Disque C ou si il a analysé le D (Deuxieme disque dur avec XP dessus)
Utilisateur anonyme
7 avril 2009 à 15:01
7 avril 2009 à 15:01
Il a analysé C: avec Vista.
Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir
Fais clic droit sur le raccourci FindyKill sur ton bureau
Choisis exécuter en tant qu'administrateur
Au menu principal, choisis l'option 2 (Suppression)
/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué"
/!\ Ne te sers pas du pc durant la suppression , ton bureau ne sera pas accessible c'est normal !
Ensuite poste le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
/!\Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide/!\
Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir
Fais clic droit sur le raccourci FindyKill sur ton bureau
Choisis exécuter en tant qu'administrateur
Au menu principal, choisis l'option 2 (Suppression)
/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué"
/!\ Ne te sers pas du pc durant la suppression , ton bureau ne sera pas accessible c'est normal !
Ensuite poste le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
/!\Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide/!\
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 15:30
7 avril 2009 à 15:30
############################## [ FindyKill V4.722 ]
# User : Manu (Administrateurs) # PC-DE-MANU
# Update on 04/04/09 by Chiquitine29
# Start at: 15:10:22 | 07/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 465,76 Go (220,32 Go free) # NTFS
# D:\ # Disque fixe local # 232,75 Go (130,47 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1,86 Go (1,36 Go free) [AVALON] # FAT
############################## [ Active Processes ]
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\FrapsII\fraps.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\conime.exe
################## [ C:\Windows # C:\Windows\Prefetch ]
################## [ C:\Windows\System32... ]
################## [ C:\Users\...\AppData\Roaming ]
################## [ Cleaning .. Temp Files... ]
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\MuleAppData
################## [ Cleaning Removable drives ]
# Deleting Files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Wlansvc -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# WinDefend -> # Type of startup =2
# -> UAC is Enable.
################## [ Searching Other Infections ]
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\1-abc.net Right Click Configurator 1.01.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\A Thanksgiving Turkey Demo Screensaver 1.0 (With Crack).zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\A1 Website Download 1.1.9 Cracked.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ABC Amber Visio Converter 1.03 Serial.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\AdeptSQL Diff 1.95 Build 87 (KeyGen).zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Advanced SMTP Server 2.7.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\AlbaWrite 3.1.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Amazon Top Deals 1.0.0.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ASP.NET BLOB & Thumbnail Controls 2.0.0.15.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Atrise Find Bad Information 1.1.0.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\BBC Radio 2 Player 1.0.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Bg.-.Karizma.(2006).-.Eklisiast.(By.Panda.1960).zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\BitControl 0.1.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\CardSuite 3.71.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Chinese DrugPhoto 1.00 [Patch].zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\click'n share photo 1.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Clock Tray Skins 4.1.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Commodity Price Quotes 1.00.4.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Connect 3.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Contact Manager (OS X) 1.0.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Cool Color Picker 1.1.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Crayon On Concrete 1.0.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\CTube! 3.92.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\D-FileMU 1.8.8.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Dark Wizard Records toolbar for IE 4.5.129.0.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DataMatrix .NET Control 1.2 Key.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Designing a Microsoft Windows 2000 Directory Services Infrastructure 6.10.05.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Desktop Adviser 5.7.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DidTheyReadIt Outlook Plugin 1.0.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DJ Java Decompiler 3.10.10.93.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Download Accelerator Manager 3.0.0.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Download Boost 2.00 [Cracked].zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DSpeech 1.55.1.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Dungeon Siege Yesterhaven mod.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DVD to Zune 1.2.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\e-PDF To HTML Converter 2.0 [With Crack].zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Eastsea Audio Converter 2.0 (Serial).zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Easy Diary 1.10.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Easy Mortgage Calculator 1.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\EasyFeed 1.1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Excel Phone Number Format Software 7.0.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Excel Remove Error Cells In Multiple Files Software 7.0.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\File Backup Watcher Lite Edition 2.8.19.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\FlexiServer Management Software 1.02 Cracked.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\foo out asio 1.2.6.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ForeFlight 2.0 [Cracked].zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Friendship Management 2.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\FTP Client for Microsoft Windows 1.0.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\GodsofOlympus 1.0.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\GoldLeo Audio Recorder 2.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Halftone Search for Google Desktop 1.2.4 Patch.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\hsCADCreator 1.0.3.36.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\IncrediFace 1.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Internet Disk Cleaner 2.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\iPod Video Converter + DVD to iPod Suite 3.16.3.29.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\JamDTA ActiveX Control 4.0.4.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Jesse McCartney Screensaver 3.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\JM-Mobile Editor 1.01.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Kaspersky.6.ITA.+.key.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Koikoi Komachi X International 1.3.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Korben WatchDog 1.0.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Letter Drop 2.3h [Patch].zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Liquid 3.5.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\LiveProject Project Collaboration 2.7.0.0.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MailChecker 1.1 (Key).zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MAPILab Groupware Server 1.2.1.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Mars Encapsulator 2.0 Crack.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Memory Monitor 1.0.0.1.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Mocha X Server 2.0.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Moon phase 1.1.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Move Toolbar 1.1.4.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MP3-Burner, The Simple Way! 6.5.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MSSQL-to-Excel 1.5 (Serial).zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MSSQL-to-Excel 1.5.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Nevo DVD to 3GP Converter 2008 2.1.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\nh2b Immo Lite 1.0.7.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\NTFS-FAT Data Doctor Recovery 2.0.1.5.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\O&O DiskStat Professional Edition 1.0.2687.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Objects in the Sky 1.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Optimal HTML v1.2 Key.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Oriens JPEG2000 Basic 1.3.167.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Oxygen Directory Spy ActiveX Control 1.5.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Paint Express 1.3.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PerfmonBar 1.0.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PingMaster 0.9.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Portable SiriSoft FileFinder 3.1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Product Key Finder 1.01.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Projetex Project Management Server 2005.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PS Video To PSP Converter 1.00 Cracked.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Public Records 1.0.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Q-NewsTicker 1.061.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Quick Recovery for Windows FAT & NTFS 11.09.05 (Patch).zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Radical Rebound 5.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Random Password Generator-PRO 12.1 [Crack].zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Rapid Resizer 2.6.1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\RAV AntiVirus Desktop 8.6.105.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Right Backup Professional 1.00 (Cracked).zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Run-time Exception Dumper 2.1.0 With Crack.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Safe Chat Standard Edition with Parental Controls 1.8.7 [Serial].zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Search Engine Creator for PHP 2.1 Crack.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Signsrch 0.1.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SingAlong Player 2008 1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Slingvine Slinger 1.0.0.34 Beta.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SmartWhois 4.2 Build 205 (With Crack).zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SS Pamela Anderson Screensaver 1.0.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Stalker Mobile 176x208.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Stardust Wallpaper Control 2003 1.0.0.3.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Streamer Widget 1.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Sun 3D Screensaver 1.1 (KeyGen).zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SWF Extractor 2.2 (Crack).zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SymLab Professional 1.2.2.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Time Maxthon Plugin 1.0.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\TimesOwn 3.1.7 KeyGen.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Total Vectorize 1.01.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Total WMA Converter 1.01 [Serial].zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Translate Page 1.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\TVPX 1031 Depreciation Solution 4.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Twilight Mahjongg 6.3.9s.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\UltiSum 1.15.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Unreal Tournament 2003 - Poindexter skin.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Unreal Tournament 2004 DM Silent Hell map.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ViPNet Password Roulette 2.9.2 build 1042.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\VoltoWFO Web Form Objects Component 1.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Water Garden Screen Saver 1.3.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\WelMos 1.0b.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\WinCHM Pro 3.412.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\3D Sumo Babies Ballerinas 3.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\4Musics OGG to WAV Converter 4.0 [Serial].zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\A Day With Charlie 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ABC Amber SVG Converter 2.01.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Acdsee Photo Editor 4.0 build 195.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AES Home 4.0 [Key].zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AfterHour 2.3.1.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Age of Mythology - Keeper of the Realms scenario.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Agent Orange Font 1.0.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Akeni Enterprise Instant Messaging LDAP 2.2 [Crack].zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AnotherDesk 2.0.00.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Aplus DVD to Cell Phone Ripper 8.28 With Crack.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Apple TTY Tool 1.0.1.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Asian Castle Jigsaw Puzzle 1.0.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AVI WMV MPEG Converter 1.1.6 Patch.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Battlefield 1942 - Uberdeen map.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Buffer 2.1.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Bush Countdown Clock 1.5.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CD3WD Food Processing 3.8.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ClamWin.Free.Antivirus.0.88.7.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Clone Table for MS SQL Server Professional 1.0 Crack.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Collectorz.com Book Collector 5.2 Build 2.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Command & Conquer Generals - Slareneg map.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CompanyLogoDesigner 2.01.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Connect Daily 3.4.0.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Cool Media To MP3 WAV Converter 3.12.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CQPhone 2.4.04.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Database Tour Pro 5.3.1.779.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dave 4.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DB Audio Mixer & Editor 1.0 (KeyGen).zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Deer Hunter 2004.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DemonoidBar 4.5.114.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DENNEY 1.0 (With Crack).zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Direct Reminder Voice 1.03.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Distributor Pro 0.6 Patch.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dolphins Screensaver 1.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DoubleKiller 1.6.1.8.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dreamer 3D Waterfall Screensaver 1.1 Key+Serial.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DVD Snapshot 1.5.7.1 Key.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EACompression Zip Component 1 (Cracked).zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Easy Audio Grabber 2.0.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EasyMail .Net Edition 2.1 [Crack].zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EasyVBApps EasyPicture 0.1 Beta.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EssentialPIM 2.02.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ExamSim 5.5.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FactotumNOW IAS Reporting 3.42 (Key+Serial).zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\File Pulverizer 5.0 [KeyGen].zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\File Uploader 1.10 Build 46.3.zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FirePanel Vista 2.6.0.0.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Flashcards 2.1.1.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FLV Importer Pro for Adobe Premiere 2.0.4.4.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\foo playcount 2.1.5.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\GYRODROME Screensaver 1.00 Serial.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Hafez Editable Photo Album 1.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Heaven Theme 1.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\His Holiness the 14th Dalai Lama 2 1.0.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Hotkey Jumpstart 1.4.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\HTMLShip 2.0 (Key).zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\iDVDMAX 1.1.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\iGetter Download Manager 2.0.1.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\IphotoDVD Wizard 2.2.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Jpeg Scrubber 2.0 [Serial].zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Keyset 1.0.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LifeType 1.2.8.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 English - French 1.1.17 [Key].zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LingvoSoft Talking Dictionary 2007 Russian - Azerbaijani 4.0.22.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LittleBrowse 1.0 Beta 2 Build 0203.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Magic Audio Editor Pro 10.2.7.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Mail me 3.00.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MB Free Chinese Astrology Software 1.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MB7-224 Practice Exam Testing Engine Software 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MDB2CSV 1.01 (KeyGen).zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MedReader Physician Edition 3.0.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Memory Guard 2.3.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Microsoft Network Monitor 3.2.1303.0.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Mihov EXIF Renamer 3.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MKV to AVI Converter 3.2.0.084.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\News By Keywords 1.4.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Nod32 2.12.2 + patch works instructions.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\OmniValue 2.1.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Oracle-to-MySQL 3.3.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Panda.Internet.Security.2006.Multi-BSy.GEAR.forwwoldesel.to.zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PanelMeter 1.2.48.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Password Boss 2.25.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PC Network Traffic Monitor and Analyzer 4.06 build 183.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pc Tools File Recover 6.1.0.29.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PDFPrint Command Line 2.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Photo Printer 2.3 [Key].zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pic2Pic Pro 2.7.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Plancoin 0.3.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pure CD Ripper 3.6 [Patch].zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Quick Change Directory (QCD) 1.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Redirect Remover 2.5.3.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\River Past Crazi Video for Zune 2.5.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Russell Diagram 1.00.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\S2 Adept 1.2.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Salon Iris 6.0.1.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sawmill 7.2.10 [Key].zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Scriptware 3.0 Key+Serial.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Seria-A Statistics in Excel (Season 2005-06) 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SF3 Photoflight Tools 1.006 [Serial].zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ShadowProtect Desktop Edition 2.0.1.27.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Shark Video Converter Gold 6.4.9.4 [Cracked].zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Single Hue 1.0.zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SiteChange2Email 1.0.1.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sleep Timer Pro 4.8.2.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sony ImageStation Xpress Upload Software 1.0.6.24.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Speak Clipboard 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Split Text Files Software 7.0.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Spy-Ad Exterminator Pro 1.04.5.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sql2Csv 1.0.2.2.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\StartUp Manager 1.01 [Patch].zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\StationRipper 2.91B.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SuperPIM 1.94.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SWF To Video Scout 1.72.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Tara Reid 1.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Tembria Server Monitor 5.2.5.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Total Shield Tracks Cleaner 1.60.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\TrafficCompressor 1.0.352.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\TwinGrid 7.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Vision Simulator 1.0.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Wallpap1 2.01.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Wallpapers Manager 0.4.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Websites Online 1.0 With Crack.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\WinScheduler 7.2.0.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\WinSent 1.1.10.128.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Xeonn-Turbo 2.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\XPicture 1.6.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
################## [ Corrupted files # Re-Installation required ]
C:\Program Files (x86)\Wanadoo\Monitor.exe
C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
C:\Users\All Users\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
D:\Program Files\Alwil Software\Avast4\ashAvast.exe
D:\Program Files\Alwil Software\Avast4\ashChest.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\ashLogV.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashPopWz.exe
D:\Program Files\Alwil Software\Avast4\ashQuick.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Alwil Software\Avast4\ashSimp2.exe
D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
D:\Program Files\Alwil Software\Avast4\ashSkPck.exe
D:\Program Files\Alwil Software\Avast4\ashUpd.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\sched.exe
D:\Program Files\Alwil Software\Avast4\VisthLic.exe
D:\Program Files\Alwil Software\Avast4\VisthUpd.exe
D:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe
D:\Program Files\Mozilla Firefox\uninstall\helper.exe
D:\WINDOWS\$hf_mig$\KB898461\update\update.exe
D:\WINDOWS\$hf_mig$\KB911164\update\update.exe
D:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB946648\update\update.exe
D:\WINDOWS\$hf_mig$\KB950762\update\update.exe
D:\WINDOWS\$hf_mig$\KB950974\update\update.exe
D:\WINDOWS\$hf_mig$\KB951066\update\update.exe
D:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
D:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
D:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe
D:\WINDOWS\$hf_mig$\KB951698\update\update.exe
D:\WINDOWS\$hf_mig$\KB951748\update\update.exe
D:\WINDOWS\$hf_mig$\KB951978\update\update.exe
D:\WINDOWS\$hf_mig$\KB952287\update\update.exe
D:\WINDOWS\$hf_mig$\KB952954\update\update.exe
D:\WINDOWS\$hf_mig$\KB953838\update\update.exe
D:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB953839\update\update.exe
D:\WINDOWS\$hf_mig$\KB954211\update\update.exe
D:\WINDOWS\$hf_mig$\KB954459\update\update.exe
D:\WINDOWS\$hf_mig$\KB954600\update\update.exe
D:\WINDOWS\$hf_mig$\KB955069\update\update.exe
D:\WINDOWS\$hf_mig$\KB955839\update\update.exe
D:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB956391\update\update.exe
D:\WINDOWS\$hf_mig$\KB956802\update\update.exe
D:\WINDOWS\$hf_mig$\KB956803\update\update.exe
D:\WINDOWS\$hf_mig$\KB956841\update\update.exe
D:\WINDOWS\$hf_mig$\KB957095\update\update.exe
D:\WINDOWS\$hf_mig$\KB957097\update\update.exe
D:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB958644\update\update.exe
D:\WINDOWS\$hf_mig$\KB958687\update\update.exe
D:\WINDOWS\$hf_mig$\KB958690\update\update.exe
D:\WINDOWS\$hf_mig$\KB960225\update\update.exe
D:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB960715\update\update.exe
D:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB967715\update\update.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
################## [ ! End of Report # FindyKill V4.722 ! ]
# User : Manu (Administrateurs) # PC-DE-MANU
# Update on 04/04/09 by Chiquitine29
# Start at: 15:10:22 | 07/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 465,76 Go (220,32 Go free) # NTFS
# D:\ # Disque fixe local # 232,75 Go (130,47 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1,86 Go (1,36 Go free) [AVALON] # FAT
############################## [ Active Processes ]
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\FrapsII\fraps.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\conime.exe
################## [ C:\Windows # C:\Windows\Prefetch ]
################## [ C:\Windows\System32... ]
################## [ C:\Users\...\AppData\Roaming ]
################## [ Cleaning .. Temp Files... ]
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\MuleAppData
################## [ Cleaning Removable drives ]
# Deleting Files :
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Wlansvc -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# WinDefend -> # Type of startup =2
# -> UAC is Enable.
################## [ Searching Other Infections ]
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\1-abc.net Right Click Configurator 1.01.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\A Thanksgiving Turkey Demo Screensaver 1.0 (With Crack).zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\A1 Website Download 1.1.9 Cracked.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ABC Amber Visio Converter 1.03 Serial.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\AdeptSQL Diff 1.95 Build 87 (KeyGen).zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Advanced SMTP Server 2.7.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\AlbaWrite 3.1.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Amazon Top Deals 1.0.0.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ASP.NET BLOB & Thumbnail Controls 2.0.0.15.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Atrise Find Bad Information 1.1.0.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\BBC Radio 2 Player 1.0.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Bg.-.Karizma.(2006).-.Eklisiast.(By.Panda.1960).zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\BitControl 0.1.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\CardSuite 3.71.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Chinese DrugPhoto 1.00 [Patch].zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\click'n share photo 1.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Clock Tray Skins 4.1.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Commodity Price Quotes 1.00.4.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Connect 3.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Contact Manager (OS X) 1.0.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Cool Color Picker 1.1.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Crayon On Concrete 1.0.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\CTube! 3.92.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\D-FileMU 1.8.8.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Dark Wizard Records toolbar for IE 4.5.129.0.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DataMatrix .NET Control 1.2 Key.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Designing a Microsoft Windows 2000 Directory Services Infrastructure 6.10.05.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Desktop Adviser 5.7.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DidTheyReadIt Outlook Plugin 1.0.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DJ Java Decompiler 3.10.10.93.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Download Accelerator Manager 3.0.0.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Download Boost 2.00 [Cracked].zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DSpeech 1.55.1.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Dungeon Siege Yesterhaven mod.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DVD to Zune 1.2.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\e-PDF To HTML Converter 2.0 [With Crack].zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Eastsea Audio Converter 2.0 (Serial).zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Easy Diary 1.10.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Easy Mortgage Calculator 1.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\EasyFeed 1.1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Excel Phone Number Format Software 7.0.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Excel Remove Error Cells In Multiple Files Software 7.0.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\File Backup Watcher Lite Edition 2.8.19.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\FlexiServer Management Software 1.02 Cracked.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\foo out asio 1.2.6.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ForeFlight 2.0 [Cracked].zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Friendship Management 2.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\FTP Client for Microsoft Windows 1.0.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\GodsofOlympus 1.0.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\GoldLeo Audio Recorder 2.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Halftone Search for Google Desktop 1.2.4 Patch.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\hsCADCreator 1.0.3.36.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\IncrediFace 1.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Internet Disk Cleaner 2.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\iPod Video Converter + DVD to iPod Suite 3.16.3.29.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\JamDTA ActiveX Control 4.0.4.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Jesse McCartney Screensaver 3.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\JM-Mobile Editor 1.01.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Kaspersky.6.ITA.+.key.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Koikoi Komachi X International 1.3.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Korben WatchDog 1.0.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Letter Drop 2.3h [Patch].zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Liquid 3.5.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\LiveProject Project Collaboration 2.7.0.0.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MailChecker 1.1 (Key).zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MAPILab Groupware Server 1.2.1.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Mars Encapsulator 2.0 Crack.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Memory Monitor 1.0.0.1.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Mocha X Server 2.0.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Moon phase 1.1.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Move Toolbar 1.1.4.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MP3-Burner, The Simple Way! 6.5.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MSSQL-to-Excel 1.5 (Serial).zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MSSQL-to-Excel 1.5.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Nevo DVD to 3GP Converter 2008 2.1.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\nh2b Immo Lite 1.0.7.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\NTFS-FAT Data Doctor Recovery 2.0.1.5.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\O&O DiskStat Professional Edition 1.0.2687.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Objects in the Sky 1.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Optimal HTML v1.2 Key.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Oriens JPEG2000 Basic 1.3.167.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Oxygen Directory Spy ActiveX Control 1.5.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Paint Express 1.3.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PerfmonBar 1.0.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PingMaster 0.9.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Portable SiriSoft FileFinder 3.1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Product Key Finder 1.01.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Projetex Project Management Server 2005.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PS Video To PSP Converter 1.00 Cracked.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Public Records 1.0.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Q-NewsTicker 1.061.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Quick Recovery for Windows FAT & NTFS 11.09.05 (Patch).zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Radical Rebound 5.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Random Password Generator-PRO 12.1 [Crack].zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Rapid Resizer 2.6.1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\RAV AntiVirus Desktop 8.6.105.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Right Backup Professional 1.00 (Cracked).zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Run-time Exception Dumper 2.1.0 With Crack.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Safe Chat Standard Edition with Parental Controls 1.8.7 [Serial].zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Search Engine Creator for PHP 2.1 Crack.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Signsrch 0.1.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SingAlong Player 2008 1.zip
Contain install.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Slingvine Slinger 1.0.0.34 Beta.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SmartWhois 4.2 Build 205 (With Crack).zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SS Pamela Anderson Screensaver 1.0.zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Stalker Mobile 176x208.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Stardust Wallpaper Control 2003 1.0.0.3.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Streamer Widget 1.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Sun 3D Screensaver 1.1 (KeyGen).zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SWF Extractor 2.2 (Crack).zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SymLab Professional 1.2.2.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Time Maxthon Plugin 1.0.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\TimesOwn 3.1.7 KeyGen.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Total Vectorize 1.01.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Total WMA Converter 1.01 [Serial].zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Translate Page 1.0.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\TVPX 1031 Depreciation Solution 4.0.zip
Contain run.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Twilight Mahjongg 6.3.9s.zip
Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\UltiSum 1.15.zip
Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Unreal Tournament 2003 - Poindexter skin.zip
Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Unreal Tournament 2004 DM Silent Hell map.zip
Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ViPNet Password Roulette 2.9.2 build 1042.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\VoltoWFO Web Form Objects Component 1.0.zip
Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Water Garden Screen Saver 1.3.zip
Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\WelMos 1.0b.zip
Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\WinCHM Pro 3.412.zip
Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\3D Sumo Babies Ballerinas 3.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\4Musics OGG to WAV Converter 4.0 [Serial].zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\A Day With Charlie 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ABC Amber SVG Converter 2.01.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Acdsee Photo Editor 4.0 build 195.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AES Home 4.0 [Key].zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AfterHour 2.3.1.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Age of Mythology - Keeper of the Realms scenario.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Agent Orange Font 1.0.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Akeni Enterprise Instant Messaging LDAP 2.2 [Crack].zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AnotherDesk 2.0.00.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Aplus DVD to Cell Phone Ripper 8.28 With Crack.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Apple TTY Tool 1.0.1.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Asian Castle Jigsaw Puzzle 1.0.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AVI WMV MPEG Converter 1.1.6 Patch.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Battlefield 1942 - Uberdeen map.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Buffer 2.1.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Bush Countdown Clock 1.5.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CD3WD Food Processing 3.8.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ClamWin.Free.Antivirus.0.88.7.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Clone Table for MS SQL Server Professional 1.0 Crack.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Collectorz.com Book Collector 5.2 Build 2.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Command & Conquer Generals - Slareneg map.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CompanyLogoDesigner 2.01.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Connect Daily 3.4.0.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Cool Media To MP3 WAV Converter 3.12.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CQPhone 2.4.04.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Database Tour Pro 5.3.1.779.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dave 4.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DB Audio Mixer & Editor 1.0 (KeyGen).zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Deer Hunter 2004.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DemonoidBar 4.5.114.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DENNEY 1.0 (With Crack).zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Direct Reminder Voice 1.03.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Distributor Pro 0.6 Patch.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dolphins Screensaver 1.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DoubleKiller 1.6.1.8.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dreamer 3D Waterfall Screensaver 1.1 Key+Serial.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DVD Snapshot 1.5.7.1 Key.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EACompression Zip Component 1 (Cracked).zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Easy Audio Grabber 2.0.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EasyMail .Net Edition 2.1 [Crack].zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EasyVBApps EasyPicture 0.1 Beta.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EssentialPIM 2.02.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ExamSim 5.5.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FactotumNOW IAS Reporting 3.42 (Key+Serial).zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\File Pulverizer 5.0 [KeyGen].zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\File Uploader 1.10 Build 46.3.zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FirePanel Vista 2.6.0.0.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Flashcards 2.1.1.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FLV Importer Pro for Adobe Premiere 2.0.4.4.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\foo playcount 2.1.5.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\GYRODROME Screensaver 1.00 Serial.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Hafez Editable Photo Album 1.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Heaven Theme 1.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\His Holiness the 14th Dalai Lama 2 1.0.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Hotkey Jumpstart 1.4.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\HTMLShip 2.0 (Key).zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\iDVDMAX 1.1.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\iGetter Download Manager 2.0.1.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\IphotoDVD Wizard 2.2.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Jpeg Scrubber 2.0 [Serial].zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Keyset 1.0.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LifeType 1.2.8.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 English - French 1.1.17 [Key].zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LingvoSoft Talking Dictionary 2007 Russian - Azerbaijani 4.0.22.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LittleBrowse 1.0 Beta 2 Build 0203.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Magic Audio Editor Pro 10.2.7.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Mail me 3.00.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MB Free Chinese Astrology Software 1.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MB7-224 Practice Exam Testing Engine Software 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MDB2CSV 1.01 (KeyGen).zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MedReader Physician Edition 3.0.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Memory Guard 2.3.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Microsoft Network Monitor 3.2.1303.0.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Mihov EXIF Renamer 3.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MKV to AVI Converter 3.2.0.084.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\News By Keywords 1.4.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Nod32 2.12.2 + patch works instructions.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\OmniValue 2.1.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Oracle-to-MySQL 3.3.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Panda.Internet.Security.2006.Multi-BSy.GEAR.forwwoldesel.to.zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PanelMeter 1.2.48.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Password Boss 2.25.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PC Network Traffic Monitor and Analyzer 4.06 build 183.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pc Tools File Recover 6.1.0.29.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PDFPrint Command Line 2.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Photo Printer 2.3 [Key].zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pic2Pic Pro 2.7.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Plancoin 0.3.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pure CD Ripper 3.6 [Patch].zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Quick Change Directory (QCD) 1.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Redirect Remover 2.5.3.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\River Past Crazi Video for Zune 2.5.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Russell Diagram 1.00.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\S2 Adept 1.2.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Salon Iris 6.0.1.zip
Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sawmill 7.2.10 [Key].zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Scriptware 3.0 Key+Serial.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Seria-A Statistics in Excel (Season 2005-06) 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SF3 Photoflight Tools 1.006 [Serial].zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ShadowProtect Desktop Edition 2.0.1.27.zip
Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Shark Video Converter Gold 6.4.9.4 [Cracked].zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Single Hue 1.0.zip
Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SiteChange2Email 1.0.1.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sleep Timer Pro 4.8.2.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sony ImageStation Xpress Upload Software 1.0.6.24.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Speak Clipboard 1.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Split Text Files Software 7.0.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Spy-Ad Exterminator Pro 1.04.5.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sql2Csv 1.0.2.2.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\StartUp Manager 1.01 [Patch].zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\StationRipper 2.91B.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SuperPIM 1.94.zip
Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SWF To Video Scout 1.72.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Tara Reid 1.0.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Tembria Server Monitor 5.2.5.zip
Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Total Shield Tracks Cleaner 1.60.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\TrafficCompressor 1.0.352.zip
Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\TwinGrid 7.0.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Vision Simulator 1.0.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Wallpap1 2.01.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Wallpapers Manager 0.4.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Websites Online 1.0 With Crack.zip
Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\WinScheduler 7.2.0.zip
Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\WinSent 1.1.10.128.zip
Contain run.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Xeonn-Turbo 2.0.zip
Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80
Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\XPicture 1.6.zip
Contain install.exe [876544] with Bagle CRC32 : 99FAAE80
################## [ Corrupted files # Re-Installation required ]
C:\Program Files (x86)\Wanadoo\Monitor.exe
C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
C:\Users\All Users\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
D:\Program Files\Alwil Software\Avast4\ashAvast.exe
D:\Program Files\Alwil Software\Avast4\ashChest.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\ashLogV.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashPopWz.exe
D:\Program Files\Alwil Software\Avast4\ashQuick.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Alwil Software\Avast4\ashSimp2.exe
D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
D:\Program Files\Alwil Software\Avast4\ashSkPck.exe
D:\Program Files\Alwil Software\Avast4\ashUpd.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\sched.exe
D:\Program Files\Alwil Software\Avast4\VisthLic.exe
D:\Program Files\Alwil Software\Avast4\VisthUpd.exe
D:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe
D:\Program Files\Mozilla Firefox\uninstall\helper.exe
D:\WINDOWS\$hf_mig$\KB898461\update\update.exe
D:\WINDOWS\$hf_mig$\KB911164\update\update.exe
D:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB946648\update\update.exe
D:\WINDOWS\$hf_mig$\KB950762\update\update.exe
D:\WINDOWS\$hf_mig$\KB950974\update\update.exe
D:\WINDOWS\$hf_mig$\KB951066\update\update.exe
D:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
D:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
D:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe
D:\WINDOWS\$hf_mig$\KB951698\update\update.exe
D:\WINDOWS\$hf_mig$\KB951748\update\update.exe
D:\WINDOWS\$hf_mig$\KB951978\update\update.exe
D:\WINDOWS\$hf_mig$\KB952287\update\update.exe
D:\WINDOWS\$hf_mig$\KB952954\update\update.exe
D:\WINDOWS\$hf_mig$\KB953838\update\update.exe
D:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB953839\update\update.exe
D:\WINDOWS\$hf_mig$\KB954211\update\update.exe
D:\WINDOWS\$hf_mig$\KB954459\update\update.exe
D:\WINDOWS\$hf_mig$\KB954600\update\update.exe
D:\WINDOWS\$hf_mig$\KB955069\update\update.exe
D:\WINDOWS\$hf_mig$\KB955839\update\update.exe
D:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB956391\update\update.exe
D:\WINDOWS\$hf_mig$\KB956802\update\update.exe
D:\WINDOWS\$hf_mig$\KB956803\update\update.exe
D:\WINDOWS\$hf_mig$\KB956841\update\update.exe
D:\WINDOWS\$hf_mig$\KB957095\update\update.exe
D:\WINDOWS\$hf_mig$\KB957097\update\update.exe
D:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB958644\update\update.exe
D:\WINDOWS\$hf_mig$\KB958687\update\update.exe
D:\WINDOWS\$hf_mig$\KB958690\update\update.exe
D:\WINDOWS\$hf_mig$\KB960225\update\update.exe
D:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB960715\update\update.exe
D:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
D:\WINDOWS\$hf_mig$\KB967715\update\update.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
################## [ ! End of Report # FindyKill V4.722 ! ]
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 15:32
7 avril 2009 à 15:32
Bon, mon rapport cette fois :
Kaspersky ne s'est pas redemarré automatiquement, mais par contre, tous les servuces de sécurité de Windows Vista marchent à nouveau.
Kaspersky ne s'est pas redemarré automatiquement, mais par contre, tous les servuces de sécurité de Windows Vista marchent à nouveau.
Utilisateur anonyme
7 avril 2009 à 15:44
7 avril 2009 à 15:44
Ok! Ben apparemment, il n'y en avait pas qu'un de crack infecté !! ;)))))
==========================
Pour retirer Avast totalement: https://www.avast.com/fr-fr/uninstall-utility
==========================
Désinstalle Kasper, version d'essai. Un antivirus gratuit et performant:
Pour avoir un meilleur AV: http://www.commentcamarche.net/telecharger/telecharger 55 antivir
Et pour voir comment tout cela fonctionne: http://forum.malekal.com/ftopic4192.php
===========================
Fais ensuite ce petit nettoyage:
Télécharge CCleaner, version Slim, sans toolbar:
CCLEANER
Va dans "Options">>"Avancé". Décoche la première ligne.
Va dans la section "Nettoyeur". Lance l'analyse. La liste créée, lance le nettoyage deux fois de suite afin d'obtenir 0bytes supprimé!
Ensuite dans "Registre", lance une recherche des erreurs. La liste créée, fais-les réparer.
/!\ A ce moment CCleaner te demande normalement de sauvegarder le registre, fais-le. /!\
Recommence ensuite le cycle Recherche/Réparation des erreurs jusqu'à n'en trouver aucune lors de la recherche.
===========================
Poste ensuite un nouveau rapport RSIT. Tu n'auras qu'un rapport qui s'ouvrira, log.txt, poste-le.
A++ ;)
==========================
Pour retirer Avast totalement: https://www.avast.com/fr-fr/uninstall-utility
==========================
Désinstalle Kasper, version d'essai. Un antivirus gratuit et performant:
Pour avoir un meilleur AV: http://www.commentcamarche.net/telecharger/telecharger 55 antivir
Et pour voir comment tout cela fonctionne: http://forum.malekal.com/ftopic4192.php
===========================
Fais ensuite ce petit nettoyage:
Télécharge CCleaner, version Slim, sans toolbar:
CCLEANER
Va dans "Options">>"Avancé". Décoche la première ligne.
Va dans la section "Nettoyeur". Lance l'analyse. La liste créée, lance le nettoyage deux fois de suite afin d'obtenir 0bytes supprimé!
Ensuite dans "Registre", lance une recherche des erreurs. La liste créée, fais-les réparer.
/!\ A ce moment CCleaner te demande normalement de sauvegarder le registre, fais-le. /!\
Recommence ensuite le cycle Recherche/Réparation des erreurs jusqu'à n'en trouver aucune lors de la recherche.
===========================
Poste ensuite un nouveau rapport RSIT. Tu n'auras qu'un rapport qui s'ouvrira, log.txt, poste-le.
A++ ;)
_PhO_
Messages postés
32
Date d'inscription
mercredi 17 octobre 2007
Statut
Membre
Dernière intervention
16 avril 2009
7 avril 2009 à 16:08
7 avril 2009 à 16:08
Merci beaucoup pour toute cette aide =)
J'ai suivis la procédure =)
Avira est-il vraiment mieux que Avast ? D'apres certains comparatifs, non :o
Bon, voila le rapport : (S'il vous faut TOUT le rapport, dites le moi)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Manu at 2009-04-07 16:06:07
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 225 GB (47%) free of 477 GB
Total RAM: 3070 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:11, on 07/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\FrapsII\fraps.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Users\Manu\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Manu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
O1 - Hosts: 94.23.49.62 L2authd.lineage2.com
O1 - Hosts: 94.23.49.62 L2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Windows\System\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF55286-B0A2-46C5-B440-C5CBCFD100F2}: NameServer = 192.168.1.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
J'ai suivis la procédure =)
Avira est-il vraiment mieux que Avast ? D'apres certains comparatifs, non :o
Bon, voila le rapport : (S'il vous faut TOUT le rapport, dites le moi)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Manu at 2009-04-07 16:06:07
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 225 GB (47%) free of 477 GB
Total RAM: 3070 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:11, on 07/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\FrapsII\fraps.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Users\Manu\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Manu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
O1 - Hosts: 94.23.49.62 L2authd.lineage2.com
O1 - Hosts: 94.23.49.62 L2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Windows\System\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF55286-B0A2-46C5-B440-C5CBCFD100F2}: NameServer = 192.168.1.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
