Virus Persistant

_PhO_ Messages postés 36 Date d'inscription   Statut Membre -  
 Utilisateur anonyme -
Bonjour,

Honte à moi ! J'ai fais une erreur fatale : lancer une application sans précautions.

En effet, c'est à la suite d'une bête manip de débutant (un simple double clik sur un ".exe") que ce (ou pluôt "ces") Virus, Malwares, Spywares, Chevaux de troie (tout ce que vous voulez) sont apparus.

Bon à la suite de ça, j'ai viré le petit Avast qui n'est pas foutu de faire quelque chose de potable, et qui d'ailleurs ne se lançait plus (car le virus à neutralisé toutes les defences de mon PC, y compris le system de sécurité de Windows Vista ; CCleaner aussi d'ailleurs) et j'ai installé la version d'essaie de Kaspersky (8.0.0.506).

Bon lui non plus de pouvant se lancer, je suis allé le lancer en Mode Sans Echecs (Ô Miracle ça marche, ya pas le fameux ecran bleu qui te met dans l'impossibilité de lancer le mode Sans Echecs...)

Pis l'analyse de Kaspersky s'est assez bien déroulée (je pensais) avec une bonne 50aine de virus supprimés.

Une fois revenu en mode normal, Kaspersky se lance mais le system securité windows : Impossible (preuve en image)

http://img3.imageshack.us/img3/8407/3emproblem.jpg

http://img3.imageshack.us/img3/6892/2emproblem.jpg

Bon, je me suis rendu compte, d'apres les virus supprimés auparavant, que le virus s'était logé dans :

C:\Users\XXXX(nom utilisateur)\AppData\Local
C:\Users\XXXX\AppData\Roaming


Sous la forme d'executables et autre. Apparement, ceci est la base du virus, car des que je le supprime, ça revient quelques temps apres, et des que l'antivirus le met en quarantaine au autre : pareil. (noter aussi que les ".exe" sont aussi dans les processus windows et se lancent tous seuls comme des grands.

http://img3.imageshack.us/img3/5560/4emproblem.jpg

http://img3.imageshack.us/img3/5488/5emproblem.jpg

(Et un 3ieme executable qui se nomme "ieudinit.exe" je crois (un truc du genre))

Donc, voila, j'aimerais bien à ne pas avoir à formater mon DD, parce que bon du 500Go a sauvegarder, c'est assez longt ='(

En attendant votre aide,

Cordialement Gabriel.
Configuration: Windows Vista
Safari 525.28.1

60 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection virale survient après l'exécution d'un fichier .exe, entraînant la désactivation des protections Windows Vista et l'apparition de processus malveillants qui réapparaissent lorsque les antivirus se contentent de mises en quarantaine.
Plusieurs solutions sont testées pour éradiquer l'infection, notamment le passage en mode sans échec, l'échec des antivirus traditionnels et l'emploi d'outils spécialisés comme ComboFix, Navilog1 ou RSIT pour analyser et supprimer les éléments malveillants.
Les échanges évoquent des options comme Malwarebytes et RSIT, avec des éléments indiquant qu'un formatage reste parfois préconisé lorsque l'infection persiste malgré les nettoyages réalisés.
En cas de doute, des mesures préventives régulières ou des sauvegardes importantes sont recommandées avant toute opération majeure, afin d'éviter la perte de données lors d'un nettoyage en profondeur.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ric025
     
    Re !

    Ben, pour tes vacances, profite bien !! ;))

    Sinon, pour le pc, c'est pas bon du tout. Bref, une infection que l'on ne peut pas supprimer sans Combofix apparemment.

    Avec l'aide d'un autre helper (oui, sans que tu le saches, on était deux sur ton cas) il apparait que la solution la plus simple reste le formatage. Je déteste en arriver là, mais malheureusement, cela arrive parfois. La 64bits de Vista empêche Combofix de fonctionner et il semble que cela restera ainsi. OtMoveIt ne trouve pas ce que l'on veut supprimer (malgré une petite erreur de script de ma part...).

    Voilà, désolé.

    ++
    2
  2. mino262 Messages postés 750 Date d'inscription   Statut Membre Dernière intervention   103
     
    ... =S

    jai eu EXACTEMENT la même merde ...

    je t'avou que j'ai désespérer et j'ai fini par formater !!

    si tu as plusieurs partition sur ton disque ... tu ne perdras pas tout ...

    BONNE CHANCE
    0
  3. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    Partitioner, au risque que le virus se propage ? :s
    0
  4. mino262 Messages postés 750 Date d'inscription   Statut Membre Dernière intervention   103
     
    mais tu n'aura pas de message du genre "impossible de supprimer tatata ... "
    si le virus est sous ta partition ou il n'y a pas l'OS,

    donc au pire ... tu perd quelques fichier ...

    c'est mieu que de tout perdre =P
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    Oui ^^

    Mais de toute façon, j'ai une DD de 250 que je vais formater d'ici peu qui pourrait me servir de stockage...

    Mais je voudrais éviter tout ça ^^'
    0
  7. mino262 Messages postés 750 Date d'inscription   Statut Membre Dernière intervention   103
     
    alors je peut pas t'aider ... il bloque tout, j'ai essayer plusieur antivirus,rien a faire

    et au bout d'un ptit temps, tu ne pourra même plus ouvrir un logiciel ...

    si tu n'en n'est pas deja arriver la ...
    0
  8. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    Nan mais la ça fait une semaine que je marche tranquillou... CCleaner, Kaspersky et tout le tralala marche bien, mais bon chu pas tranquille de tourner avec un virus sur ma machine ><
    0
  9. mino262 Messages postés 750 Date d'inscription   Statut Membre Dernière intervention   103
     
    et en réinstallant avast ??
    quand tu redemarre ton ordi, et qu'il fait une vérification totale,

    c'est la qu'il supprime tout ...
    0
  10. ric025
     
    Salut _Pho_

    Fais ceci stp:

    Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    http://images.malwareremoval.com/random/RSIT.exe

    Double-clique sur RSIT.exe.

    Clique sur Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    A noter: Les rapports se trouvent également ici: C:\rsit.

    ++
    0
  11. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    @mino262 : Mon antivirus est déjà censé avoir tout supprimé ^^
    Concernant Avast, c'est la que tu vois la différence entre un Freeware et logiciel payant, avast n'a rien trouvé, Kaspersky a trouvé lui ^^.

    @ric025 : Merci pour votre aide.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Manu at 2009-04-07 14:06:07
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 219 GB (46%) free of 477 GB
    Total RAM: 3070 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:06:15, on 07/04/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\FrapsII\fraps.exe
    C:\Windows\System32\hdsp32.exe
    C:\Windows\System32\hdspmix.exe
    C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\Safari\Safari.exe
    C:\Program Files (x86)\eMule\emule.exe
    C:\Users\Manu\Desktop\RSIT.exe
    C:\Program Files (x86)\trend micro\Manu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 94.23.49.62 L2authd.lineage2.com
    O1 - Hosts: 94.23.49.62 L2testauthd.lineage2.com
    O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Windows\System\rsvp.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System\cisvc.exe /waitservice
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF55286-B0A2-46C5-B440-C5CBCFD100F2}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    0
  12. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    @ric025 :

    Info.txt

    info.txt logfile of random's system information tool 1.06 2009-04-07 14:06:18

    ======Uninstall list======

    -->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    -->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Attansic Ethernet Utility-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\Windows\SysWOW64\Attansic\L1\atcInst.dll,VisUninst C:\Windows\SysWOW64\Attansic\L1 x64 pci\ven_1969&dev_1048
    BBE Sonic Maximizer 2.0 Full-->MsiExec.exe /I{D799CA10-F7D5-46FF-97D7-06195C9EDA70}
    CamStudio 2.0 Fr-->"C:\Program Files (x86)\CamStudio\unins000.exe"
    CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
    DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files (x86)\eMule\Uninstall.exe"
    EZXClaustrophobic-->MsiExec.exe /I{8094F7AE-CA21-4AF2-A256-BC918CE0E796}
    EZXCocktail-->MsiExec.exe /I{147567F0-8575-4BE0-B5B3-62706C67FA5A}
    EZXNashville-->MsiExec.exe /I{82DF9225-13EC-41BD-BE31-AAB121B38166}
    EZXPercussion-->MsiExec.exe /I{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}
    EZXVintage-->MsiExec.exe /I{430399DC-98BC-4A7F-8F8E-77981CABAE05}
    Fraps (remove only)-->"C:\FrapsII\uninstall.exe"
    GForce - Minimonsta-->C:\Windows\unvise32.exe c:\program files (x86)\steinberg\vstplugins\GForce\Minimonsta\uninstal.log
    GIMP 2.6.6-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
    GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
    HyperCam 2-->"C:\Program Files (x86)\HyCam2\UnHyCam2.exe"
    IsoBuster 2.0-->"C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
    Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
    Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
    LimeWire PRO 4.12.6-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
    Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.1)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270}
    NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Outil de mise à jour Google-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Picasa 2-->"C:\Program Files (x86)\Picasa2\Uninstall.exe"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
    Safari-->MsiExec.exe /X{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Sony Vegas Movie Studio 8.0-->MsiExec.exe /X{62892E81-E6D4-4550-AA61-183839FEF370}
    TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    WinZip-->"C:\Program Files (x86)\WinZip\WINZIP32.EXE" /uninstall
    Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
    Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~2\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~2\Yahoo!\Common\unyt.exe

    ======Hosts File======

    127.0.0.1 localhost
    94.23.49.62 L2authd.lineage2.com
    94.23.49.62 L2testauthd.lineage2.com
    216.107.250.194 nProtect.lineage2.com

    ======Security center information======

    AV: Kaspersky Anti-Virus
    AS: Windows Defender (disabled)
    AS: Kaspersky Anti-Virus

    ======System event log======

    Computer Name: PC-de-Manu
    Event Code: 3033
    Message: Le redirecteur n'a pas pu enregistrer l'adresse pour le transport NetBT_Tcpip_{EDF55286-B0A2-46C5-B440-C5CBCFD100F2} pour la raison suivante : Vous n’étiez pas connecté car il y avait un nom en double sur le réseau. Si vous joignez un domaine, ouvrez le Panneau de configuration Système et modifiez le nom de l’ordinateur, puis réessayez. Si vous joignez un groupe de travail, choisissez un autre nom pour ce groupe.. Le transport a été déconnecté.
    Record Number: 49353
    Source Name: mrxsmb
    Time Written: 20090407111053.745456-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Manu
    Event Code: 4321
    Message: Le nom "PC-DE-MANU :0" n'a pas pu être enregistré sur l'interface avec l'adresse IP 192.168.1.24. L'ordinateur avec l'adresse IP 192.168.1.72 n'a pas permis que le nom soit réclamé par cet ordinateur.
    Record Number: 49354
    Source Name: netbt
    Time Written: 20090407111053.773456-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 2505
    Message: Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{EDF55286-B0A2-46C5-B440-C5CBCFD100F2} car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.
    Record Number: 49355
    Source Name: Server
    Time Written: 20090407111056.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 4321
    Message: Le nom "PC-DE-MANU :20" n'a pas pu être enregistré sur l'interface avec l'adresse IP 192.168.1.24. L'ordinateur avec l'adresse IP 192.168.1.72 n'a pas permis que le nom soit réclamé par cet ordinateur.
    Record Number: 49356
    Source Name: netbt
    Time Written: 20090407111056.763456-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 7026
    Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
    KLIM6
    Record Number: 49419
    Source Name: Service Control Manager
    Time Written: 20090407111111.000000-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-Manu
    Event Code: 1002
    Message: Le programme DivX Player.exe version 7.1.0.74 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 25c Heure de début : 01c9b718419d8470 Heure de fin : 68
    Record Number: 3232
    Source Name: Application Hang
    Time Written: 20090407003333.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 3013
    Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\036.PART.MET> dans la configuration de hachage.

    Contexte : Application , Catalogue SystemIndex

    Détails :
    Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

    Record Number: 3233
    Source Name: Microsoft-Windows-Search
    Time Written: 20090407003414.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 3013
    Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\036.PART.MET> dans la configuration de hachage.

    Contexte : Application , Catalogue SystemIndex

    Détails :
    Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

    Record Number: 3234
    Source Name: Microsoft-Windows-Search
    Time Written: 20090407003414.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 3013
    Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\013.PART.MET.BACKUP> dans la configuration de hachage.

    Contexte : Application , Catalogue SystemIndex

    Détails :
    Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

    Record Number: 3236
    Source Name: Microsoft-Windows-Search
    Time Written: 20090407003419.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Manu
    Event Code: 3013
    Message: Impossible de mettre à jour l'entrée <C:\USERS\MANU\DOWNLOADS\EMULE\TEMP\033.PART.MET.BACKUP> dans la configuration de hachage.

    Contexte : Application , Catalogue SystemIndex

    Détails :
    Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

    Record Number: 3340
    Source Name: Microsoft-Windows-Search
    Time Written: 20090407120410.000000-000
    Event Type: Erreur
    User:

    =====Security event log=====

    Computer Name: PC-de-Manu
    Event Code: 4648
    Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-MANU$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Compte dont les informations d’identification ont été utilisées :
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Serveur cible :
    Nom du serveur cible : localhost
    Informations supplémentaires : localhost

    Informations sur le processus :
    ID du processus : 0x288
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Adresse du réseau : -
    Port : -

    Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
    Record Number: 11662
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090407115746.130056-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Manu
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-MANU$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7

    Type d’ouverture de session : 5

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x288
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Nom de la station de travail :
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : Advapi
    Package d’authentification : Negotiate
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 11663
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090407115746.130056-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Manu
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7

    Privilèges : SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 11664
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090407115746.130056-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-Manu
    Event Code: 5032
    Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

    Code d’erreur : 5
    Record Number: 11665
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090407115929.112056-000
    Event Type: Échec de l'audit
    User:

    Computer Name: PC-de-Manu
    Event Code: 5032
    Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

    Code d’erreur : 5
    Record Number: 11666
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090407120129.380056-000
    Event Type: Échec de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\DivX Shared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION"=0f0b
    "NUMBER_OF_PROCESSORS"=4
    "CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
    0
  13. ric025
     
    Ok !

    Commence par ceci:

    Télécharge Malwarebytes Anti-Malware (MBAM):

    MBAM

    Installe-le en vérifiant que la case de mise à jour soit bien cochée en fin d'installation.

    Après la mise à jour, lance-le et coche "Examen Rapide". Puis "Rechercher".

    Si MBAM trouve quelque chose: fais "Voir les résultats" puis "Supprimer la sélection".

    Poste le rapport généré.

    A++ ;)
    0
  14. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    L'analyse est en cours.

    Apperement le virus est bien un Win 32, car lorsque le petit logiciel me fait l'analyse, ya Kaspersky qui vient me dire que je veut avoir acces a des fichiers contenant le virus.

    EDIT : Analyse finie :

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 1947
    Windows 6.0.6001 Service Pack 1

    07/04/2009 14:33:40
    mbam-log-2009-04-07 (14-33-40).txt

    Type de recherche: Examen rapide
    Eléments examinés: 63071
    Temps écoulé: 2 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstsc (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Windows\System32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\drivers\down\291004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
    C:\Users\Manu\AppData\Roaming\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  15. ric025
     
    Ok! Ré-ouvre MBAM, va sur "Quarantaine" et supprime tout.

    ========================================

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    ==> Va dans "Démarrer" puis Panneau de configuration.
    ==> Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
    ==> Clique sur Continuer.
    ==> Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
    ==> Valide par OK et redémarre.

    Telecharge maintenant Findykill, par Chiquitine29 sur ton bureau

    Lance l'installation avec les paramètres par défaut

    Fais un clic droit sur le raccourci FindyKill sur ton bureau

    Choisis exécuter en tant qu'administrateur

    Au menu principal, choisis l'option 1 (Recherche)

    Poste le rapport FindyKill.txt

    * Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
  16. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    ############################## [ FindyKill V4.722 ]

    # User : Manu (Administrateurs) # PC-DE-MANU
    # Update on 04/04/09 by Chiquitine29
    # Start at: 14:52:11 | 07/04/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 7.0.6001.18000
    # Windows Firewall Status : Disabled
    # AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | Updated ]

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 465,76 Go (220,41 Go free) # NTFS
    # D:\ # Disque fixe local # 232,75 Go (130,47 Go free) # NTFS
    # E:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\FrapsII\fraps.exe
    C:\Windows\comrepl.exe
    C:\Windows\System32\hdsp32.exe
    C:\Windows\System32\hdspmix.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Safari\Safari.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    ################## [ C:\Windows # C:\Windows\Prefetch ]

    ################## [ C:\Windows\System32... ]

    ################## [ C:\Users\Manu\AppData\Roaming ]

    ################## [ C:\Users\Manu...\Temp Files... ]

    ################## [ Registre / Clés infectieuses ]

    Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\Local AppWizard-Generated Applications\key_generator
    Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\bisoft
    Found ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\MuleAppData
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Found ! HKEY_CURRENT_USER\Software\bisoft
    Found ! HKEY_CURRENT_USER\Software\MuleAppData

    ################## [ Recherche dans supports amovibles]

    # Recherche fichiers connus :

    ################## [ Registre / Mountpoint2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.722 ! ]

    L'analyse a été tres courte :o

    Je me demande si il a analysé le Disque C ou si il a analysé le D (Deuxieme disque dur avec XP dessus)
    0
  17. ric025
     
    Il a analysé C: avec Vista.

    Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir

    Fais clic droit sur le raccourci FindyKill sur ton bureau

    Choisis exécuter en tant qu'administrateur

    Au menu principal, choisis l'option 2 (Suppression)

    /!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué"

    /!\ Ne te sers pas du pc durant la suppression , ton bureau ne sera pas accessible c'est normal !

    Ensuite poste le rapport FindyKill.txt

    * Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

    /!\Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide/!\
    0
  18. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    ############################## [ FindyKill V4.722 ]

    # User : Manu (Administrateurs) # PC-DE-MANU
    # Update on 04/04/09 by Chiquitine29
    # Start at: 15:10:22 | 07/04/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 7.0.6001.18000
    # Windows Firewall Status : Disabled
    # AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | Updated ]

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 465,76 Go (220,32 Go free) # NTFS
    # D:\ # Disque fixe local # 232,75 Go (130,47 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque amovible # 1,86 Go (1,36 Go free) [AVALON] # FAT

    ############################## [ Active Processes ]

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\FrapsII\fraps.exe
    C:\Windows\SysWOW64\runonce.exe
    C:\Windows\SysWOW64\conime.exe

    ################## [ C:\Windows # C:\Windows\Prefetch ]

    ################## [ C:\Windows\System32... ]

    ################## [ C:\Users\...\AppData\Roaming ]

    ################## [ Cleaning .. Temp Files... ]

    ################## [ Registry / Infected keys ]

    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Deleted ! HKEY_CURRENT_USER\Software\bisoft
    Deleted ! HKEY_CURRENT_USER\Software\MuleAppData
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! HKEY_USERS\S-1-5-21-1565594329-1017173148-3718631536-1000\Software\MuleAppData

    ################## [ Cleaning Removable drives ]

    # Deleting Files :

    ################## [ Registry / Mountpoint2 ]

    # -> Not found !

    ################## [ States / Restarting of services ]

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    # Ndisuio -> # Type of startup =3
    # EapHost -> # Type of startup =2
    # Wlansvc -> # Type of startup =2
    # SharedAccess -> # Type of startup =2
    # wuauserv -> # Type of startup =2
    # wscsvc -> # Type of startup =2
    # WinDefend -> # Type of startup =2
    # -> UAC is Enable.

    ################## [ Searching Other Infections ]

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\1-abc.net Right Click Configurator 1.01.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\A Thanksgiving Turkey Demo Screensaver 1.0 (With Crack).zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\A1 Website Download 1.1.9 Cracked.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ABC Amber Visio Converter 1.03 Serial.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\AdeptSQL Diff 1.95 Build 87 (KeyGen).zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Advanced SMTP Server 2.7.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\AlbaWrite 3.1.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Amazon Top Deals 1.0.0.0.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ASP.NET BLOB & Thumbnail Controls 2.0.0.15.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Atrise Find Bad Information 1.1.0.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\BBC Radio 2 Player 1.0.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Bg.-.Karizma.(2006).-.Eklisiast.(By.Panda.1960).zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\BitControl 0.1.0.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\CardSuite 3.71.zip
    Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Chinese DrugPhoto 1.00 [Patch].zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\click'n share photo 1.0.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Clock Tray Skins 4.1.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Commodity Price Quotes 1.00.4.zip
    Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Connect 3.0.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Contact Manager (OS X) 1.0.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Cool Color Picker 1.1.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Crayon On Concrete 1.0.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\CTube! 3.92.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\D-FileMU 1.8.8.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Dark Wizard Records toolbar for IE 4.5.129.0.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DataMatrix .NET Control 1.2 Key.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Designing a Microsoft Windows 2000 Directory Services Infrastructure 6.10.05.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Desktop Adviser 5.7.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DidTheyReadIt Outlook Plugin 1.0.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DJ Java Decompiler 3.10.10.93.zip
    Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Download Accelerator Manager 3.0.0.0.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Download Boost 2.00 [Cracked].zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DSpeech 1.55.1.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Dungeon Siege Yesterhaven mod.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\DVD to Zune 1.2.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\e-PDF To HTML Converter 2.0 [With Crack].zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Eastsea Audio Converter 2.0 (Serial).zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Easy Diary 1.10.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Easy Mortgage Calculator 1.0.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\EasyFeed 1.1.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Excel Phone Number Format Software 7.0.zip
    Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Excel Remove Error Cells In Multiple Files Software 7.0.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\File Backup Watcher Lite Edition 2.8.19.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\FlexiServer Management Software 1.02 Cracked.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\foo out asio 1.2.6.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ForeFlight 2.0 [Cracked].zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Friendship Management 2.0.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\FTP Client for Microsoft Windows 1.0.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\GodsofOlympus 1.0.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\GoldLeo Audio Recorder 2.0.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Halftone Search for Google Desktop 1.2.4 Patch.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\hsCADCreator 1.0.3.36.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\IncrediFace 1.zip
    Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Internet Disk Cleaner 2.0.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\iPod Video Converter + DVD to iPod Suite 3.16.3.29.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\JamDTA ActiveX Control 4.0.4.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Jesse McCartney Screensaver 3.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\JM-Mobile Editor 1.01.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Kaspersky.6.ITA.+.key.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Koikoi Komachi X International 1.3.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Korben WatchDog 1.0.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Letter Drop 2.3h [Patch].zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Liquid 3.5.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\LiveProject Project Collaboration 2.7.0.0.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MailChecker 1.1 (Key).zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MAPILab Groupware Server 1.2.1.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Mars Encapsulator 2.0 Crack.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Memory Monitor 1.0.0.1.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Mocha X Server 2.0.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Moon phase 1.1.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Move Toolbar 1.1.4.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MP3-Burner, The Simple Way! 6.5.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MSSQL-to-Excel 1.5 (Serial).zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\MSSQL-to-Excel 1.5.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Nevo DVD to 3GP Converter 2008 2.1.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\nh2b Immo Lite 1.0.7.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\NTFS-FAT Data Doctor Recovery 2.0.1.5.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\O&O DiskStat Professional Edition 1.0.2687.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Objects in the Sky 1.0.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Optimal HTML v1.2 Key.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Oriens JPEG2000 Basic 1.3.167.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Oxygen Directory Spy ActiveX Control 1.5.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Paint Express 1.3.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PerfmonBar 1.0.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PingMaster 0.9.zip
    Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Portable SiriSoft FileFinder 3.1.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Product Key Finder 1.01.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Projetex Project Management Server 2005.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\PS Video To PSP Converter 1.00 Cracked.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Public Records 1.0.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Q-NewsTicker 1.061.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\QBAutomation - Merchant 1.0.0 [Patch].zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Quick Recovery for Windows FAT & NTFS 11.09.05 (Patch).zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Radical Rebound 5.0.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Random Password Generator-PRO 12.1 [Crack].zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Rapid Resizer 2.6.1.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\RAV AntiVirus Desktop 8.6.105.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Right Backup Professional 1.00 (Cracked).zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Run-time Exception Dumper 2.1.0 With Crack.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Safe Chat Standard Edition with Parental Controls 1.8.7 [Serial].zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Search Engine Creator for PHP 2.1 Crack.zip
    Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Signsrch 0.1.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SingAlong Player 2008 1.zip
    Contain install.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Slingvine Slinger 1.0.0.34 Beta.zip
    Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SmartWhois 4.2 Build 205 (With Crack).zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SS Pamela Anderson Screensaver 1.0.zip
    Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Stalker Mobile 176x208.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Stardust Wallpaper Control 2003 1.0.0.3.zip
    Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Streamer Widget 1.0.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Sun 3D Screensaver 1.1 (KeyGen).zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SWF Extractor 2.2 (Crack).zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\SymLab Professional 1.2.2.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Time Maxthon Plugin 1.0.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\TimesOwn 3.1.7 KeyGen.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Total Vectorize 1.01.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Total WMA Converter 1.01 [Serial].zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Translate Page 1.0.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\TVPX 1031 Depreciation Solution 4.0.zip
    Contain run.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Twilight Mahjongg 6.3.9s.zip
    Contain setup.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\UltiSum 1.15.zip
    Contain key_gen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Unreal Tournament 2003 - Poindexter skin.zip
    Contain serial.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Unreal Tournament 2004 DM Silent Hell map.zip
    Contain key_generator.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\ViPNet Password Roulette 2.9.2 build 1042.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\VoltoWFO Web Form Objects Component 1.0.zip
    Contain patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\Water Garden Screen Saver 1.3.zip
    Contain install_crack.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\WelMos 1.0b.zip
    Contain keygen.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\GaBrIeL\Application Data\m\shared\WinCHM Pro 3.412.zip
    Contain install_patch.exe [880640] with Bagle CRC32 : 57A22FC8

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\3D Sumo Babies Ballerinas 3.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\4Musics OGG to WAV Converter 4.0 [Serial].zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\A Day With Charlie 1.0.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ABC Amber SVG Converter 2.01.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Acdsee Photo Editor 4.0 build 195.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AES Home 4.0 [Key].zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AfterHour 2.3.1.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Age of Mythology - Keeper of the Realms scenario.zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Agent Orange Font 1.0.zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Akeni Enterprise Instant Messaging LDAP 2.2 [Crack].zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AnotherDesk 2.0.00.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Aplus DVD to Cell Phone Ripper 8.28 With Crack.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Apple TTY Tool 1.0.1.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Asian Castle Jigsaw Puzzle 1.0.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\AVI WMV MPEG Converter 1.1.6 Patch.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Battlefield 1942 - Uberdeen map.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Buffer 2.1.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Bush Countdown Clock 1.5.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CD3WD Food Processing 3.8.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ClamWin.Free.Antivirus.0.88.7.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Clone Table for MS SQL Server Professional 1.0 Crack.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Collectorz.com Book Collector 5.2 Build 2.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Command & Conquer Generals - Slareneg map.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CompanyLogoDesigner 2.01.zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Connect Daily 3.4.0.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Cool Media To MP3 WAV Converter 3.12.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\CQPhone 2.4.04.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Database Tour Pro 5.3.1.779.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dave 4.0.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DB Audio Mixer & Editor 1.0 (KeyGen).zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Deer Hunter 2004.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DemonoidBar 4.5.114.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DENNEY 1.0 (With Crack).zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Direct Reminder Voice 1.03.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Distributor Pro 0.6 Patch.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dolphins Screensaver 1.0.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DoubleKiller 1.6.1.8.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Dreamer 3D Waterfall Screensaver 1.1 Key+Serial.zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\DVD Snapshot 1.5.7.1 Key.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EACompression Zip Component 1 (Cracked).zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Easy Audio Grabber 2.0.zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EasyMail .Net Edition 2.1 [Crack].zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EasyVBApps EasyPicture 0.1 Beta.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\EssentialPIM 2.02.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ExamSim 5.5.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FactotumNOW IAS Reporting 3.42 (Key+Serial).zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\File Pulverizer 5.0 [KeyGen].zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\File Uploader 1.10 Build 46.3.zip
    Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FirePanel Vista 2.6.0.0.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Flashcards 2.1.1.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\FLV Importer Pro for Adobe Premiere 2.0.4.4.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\foo playcount 2.1.5.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\GYRODROME Screensaver 1.00 Serial.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Hafez Editable Photo Album 1.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Heaven Theme 1.0.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\His Holiness the 14th Dalai Lama 2 1.0.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Hotkey Jumpstart 1.4.zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\HTMLShip 2.0 (Key).zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\iDVDMAX 1.1.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\iGetter Download Manager 2.0.1.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\IphotoDVD Wizard 2.2.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Jpeg Scrubber 2.0 [Serial].zip
    Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Keyset 1.0.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LifeType 1.2.8.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 English - French 1.1.17 [Key].zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LingvoSoft Talking Dictionary 2007 Russian - Azerbaijani 4.0.22.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\LittleBrowse 1.0 Beta 2 Build 0203.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Magic Audio Editor Pro 10.2.7.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Mail me 3.00.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MB Free Chinese Astrology Software 1.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MB7-224 Practice Exam Testing Engine Software 1.0.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MDB2CSV 1.01 (KeyGen).zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MedReader Physician Edition 3.0.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Memory Guard 2.3.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Microsoft Network Monitor 3.2.1303.0.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Mihov EXIF Renamer 3.0.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\MKV to AVI Converter 3.2.0.084.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\News By Keywords 1.4.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Nod32 2.12.2 + patch works instructions.zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\OmniValue 2.1.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Oracle-to-MySQL 3.3.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Panda.Internet.Security.2006.Multi-BSy.GEAR.forwwoldesel.to.zip
    Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PanelMeter 1.2.48.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Password Boss 2.25.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PC Network Traffic Monitor and Analyzer 4.06 build 183.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pc Tools File Recover 6.1.0.29.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\PDFPrint Command Line 2.0.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Photo Printer 2.3 [Key].zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pic2Pic Pro 2.7.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Plancoin 0.3.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Pure CD Ripper 3.6 [Patch].zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Quick Change Directory (QCD) 1.0.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Redirect Remover 2.5.3.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\River Past Crazi Video for Zune 2.5.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Russell Diagram 1.00.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\S2 Adept 1.2.zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Salon Iris 6.0.1.zip
    Contain key_generator.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sawmill 7.2.10 [Key].zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Scriptware 3.0 Key+Serial.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Seria-A Statistics in Excel (Season 2005-06) 1.0.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SF3 Photoflight Tools 1.006 [Serial].zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\ShadowProtect Desktop Edition 2.0.1.27.zip
    Contain install_patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Shark Video Converter Gold 6.4.9.4 [Cracked].zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Single Hue 1.0.zip
    Contain crac.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SiteChange2Email 1.0.1.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sleep Timer Pro 4.8.2.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sony ImageStation Xpress Upload Software 1.0.6.24.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Speak Clipboard 1.0.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Split Text Files Software 7.0.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Spy-Ad Exterminator Pro 1.04.5.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Sql2Csv 1.0.2.2.zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\StartUp Manager 1.01 [Patch].zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\StationRipper 2.91B.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SuperPIM 1.94.zip
    Contain install_crack.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\SWF To Video Scout 1.72.zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Tara Reid 1.0.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Tembria Server Monitor 5.2.5.zip
    Contain keygen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Total Shield Tracks Cleaner 1.60.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\TrafficCompressor 1.0.352.zip
    Contain setup.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\TwinGrid 7.0.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Vision Simulator 1.0.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Wallpap1 2.01.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Wallpapers Manager 0.4.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Websites Online 1.0 With Crack.zip
    Contain serial.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\WinScheduler 7.2.0.zip
    Contain patch.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\WinSent 1.1.10.128.zip
    Contain run.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\Xeonn-Turbo 2.0.zip
    Contain key_gen.exe [876544] with Bagle CRC32 : 99FAAE80

    Deleted ! : D:\Documents and Settings\Leslie\Application Data\m\shared\XPicture 1.6.zip
    Contain install.exe [876544] with Bagle CRC32 : 99FAAE80

    ################## [ Corrupted files # Re-Installation required ]

    C:\Program Files (x86)\Wanadoo\Monitor.exe
    C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
    C:\Users\All Users\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
    D:\Program Files\Alwil Software\Avast4\ashAvast.exe
    D:\Program Files\Alwil Software\Avast4\ashChest.exe
    D:\Program Files\Alwil Software\Avast4\ashDisp.exe
    D:\Program Files\Alwil Software\Avast4\ashLogV.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashPopWz.exe
    D:\Program Files\Alwil Software\Avast4\ashQuick.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Alwil Software\Avast4\ashSimp2.exe
    D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    D:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
    D:\Program Files\Alwil Software\Avast4\ashSkPck.exe
    D:\Program Files\Alwil Software\Avast4\ashUpd.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\sched.exe
    D:\Program Files\Alwil Software\Avast4\VisthLic.exe
    D:\Program Files\Alwil Software\Avast4\VisthUpd.exe
    D:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe
    D:\Program Files\Mozilla Firefox\uninstall\helper.exe
    D:\WINDOWS\$hf_mig$\KB898461\update\update.exe
    D:\WINDOWS\$hf_mig$\KB911164\update\update.exe
    D:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
    D:\WINDOWS\$hf_mig$\KB946648\update\update.exe
    D:\WINDOWS\$hf_mig$\KB950762\update\update.exe
    D:\WINDOWS\$hf_mig$\KB950974\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951066\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951698\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951748\update\update.exe
    D:\WINDOWS\$hf_mig$\KB951978\update\update.exe
    D:\WINDOWS\$hf_mig$\KB952287\update\update.exe
    D:\WINDOWS\$hf_mig$\KB952954\update\update.exe
    D:\WINDOWS\$hf_mig$\KB953838\update\update.exe
    D:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
    D:\WINDOWS\$hf_mig$\KB953839\update\update.exe
    D:\WINDOWS\$hf_mig$\KB954211\update\update.exe
    D:\WINDOWS\$hf_mig$\KB954459\update\update.exe
    D:\WINDOWS\$hf_mig$\KB954600\update\update.exe
    D:\WINDOWS\$hf_mig$\KB955069\update\update.exe
    D:\WINDOWS\$hf_mig$\KB955839\update\update.exe
    D:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
    D:\WINDOWS\$hf_mig$\KB956391\update\update.exe
    D:\WINDOWS\$hf_mig$\KB956802\update\update.exe
    D:\WINDOWS\$hf_mig$\KB956803\update\update.exe
    D:\WINDOWS\$hf_mig$\KB956841\update\update.exe
    D:\WINDOWS\$hf_mig$\KB957095\update\update.exe
    D:\WINDOWS\$hf_mig$\KB957097\update\update.exe
    D:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
    D:\WINDOWS\$hf_mig$\KB958644\update\update.exe
    D:\WINDOWS\$hf_mig$\KB958687\update\update.exe
    D:\WINDOWS\$hf_mig$\KB958690\update\update.exe
    D:\WINDOWS\$hf_mig$\KB960225\update\update.exe
    D:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
    D:\WINDOWS\$hf_mig$\KB960715\update\update.exe
    D:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
    D:\WINDOWS\$hf_mig$\KB967715\update\update.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe

    ################## [ ! End of Report # FindyKill V4.722 ! ]
    0
  19. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    Bon, mon rapport cette fois :

    Kaspersky ne s'est pas redemarré automatiquement, mais par contre, tous les servuces de sécurité de Windows Vista marchent à nouveau.
    0
  20. ric025
     
    Ok! Ben apparemment, il n'y en avait pas qu'un de crack infecté !! ;)))))

    ==========================

    Pour retirer Avast totalement: https://www.avast.com/fr-fr/uninstall-utility

    ==========================

    Désinstalle Kasper, version d'essai. Un antivirus gratuit et performant:

    Pour avoir un meilleur AV: http://www.commentcamarche.net/telecharger/telecharger 55 antivir

    Et pour voir comment tout cela fonctionne: http://forum.malekal.com/ftopic4192.php

    ===========================

    Fais ensuite ce petit nettoyage:

    Télécharge CCleaner, version Slim, sans toolbar:

    CCLEANER

    Va dans "Options">>"Avancé". Décoche la première ligne.

    Va dans la section "Nettoyeur". Lance l'analyse. La liste créée, lance le nettoyage deux fois de suite afin d'obtenir 0bytes supprimé!

    Ensuite dans "Registre", lance une recherche des erreurs. La liste créée, fais-les réparer.

    /!\ A ce moment CCleaner te demande normalement de sauvegarder le registre, fais-le. /!\


    Recommence ensuite le cycle Recherche/Réparation des erreurs jusqu'à n'en trouver aucune lors de la recherche.

    ===========================

    Poste ensuite un nouveau rapport RSIT. Tu n'auras qu'un rapport qui s'ouvrira, log.txt, poste-le.

    A++ ;)
    0
  21. _PhO_ Messages postés 36 Date d'inscription   Statut Membre
     
    Merci beaucoup pour toute cette aide =)

    J'ai suivis la procédure =)

    Avira est-il vraiment mieux que Avast ? D'apres certains comparatifs, non :o

    Bon, voila le rapport : (S'il vous faut TOUT le rapport, dites le moi)

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Manu at 2009-04-07 16:06:07
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 225 GB (47%) free of 477 GB
    Total RAM: 3070 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:06:11, on 07/04/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\FrapsII\fraps.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Safari\Safari.exe
    C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files (x86)\CCleaner\CCleaner.exe
    C:\Users\Manu\Desktop\RSIT.exe
    C:\Program Files (x86)\trend micro\Manu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Users\Manu\LOCALS~1\APPLIC~1\mstsc.exe
    O1 - Hosts: 94.23.49.62 L2authd.lineage2.com
    O1 - Hosts: 94.23.49.62 L2testauthd.lineage2.com
    O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\comrepl.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Windows\System\rsvp.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\System\cisvc.exe /waitservice
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Manu\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EDF55286-B0A2-46C5-B440-C5CBCFD100F2}: NameServer = 192.168.1.1
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    0
  • 1
  • 2
  • 3