Form1 problem

21 July 2010 16:02:53

Hello,

For the past few days I have had Form1 in the Task Manager.

I did some searching on Google (my friend :) ) and realized it was a virus.

I am posting the HijackThis scan here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:32, on 21/07/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Users\Public\Public Documents\Windows Movie Player\player.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Mes Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKCU\..\Run: [Windows] "C:\Users\Public\Public Documents\Windows Movie Player\player.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.fr-download_in...
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8062 bytes


And I would like to know how you go about finding the problem in there :)

<config>Windows 7 / Firefox 3.6.6</config>

22 July 2010 12:02:58

Hi,

You downloaded something you shouldn't have from a phishing site; you have two malicious lines in your hosts file.
Quote:
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com


And I have a slight doubt about this line:
Quote:
O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"


I can't find any information about it. Given the name, it could be related to OpenOffice, but you never know. Do you already have OpenOffice installed?


For your problem, we'll run a quick scan with MBAM, and we'll clean up the hosts file if needed.

Download Malwarebytes Anti Malware

Once it is installed and running, update it several times until no more updates are available.


Then disconnect and close all running applications.

* Run a so-called "QUICK" scan.

--> Let the program work (and don't do anything else with the PC during the scan).
--> At the end, click on "results".
--> Check that all infected items are selected, then click on "remove".

Note: if you need to restart your PC to finish the cleanup, do it!

Post the report saved after the infected items are removed (in the "report/log" tab of Malwarebytes', the most recent one) for analysis ...
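
The two checks the answer above applies by eye to the HijackThis log (hosts entries that point localhost or a site at an outside address, and a Run entry that calls regsvr32 on a DLL in the user profile), written out as an added example that is not part of the original thread. The function names, rule labels and the user-writable-path heuristic are assumptions of this example, which goes slightly beyond the answer by flagging any autorun under C:\Users; a hit marks a line for review, not a verdict.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis log in this thread, plus one
# constructed benign entry (127.0.0.1 localhost) for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Windows] "C:\Users\Public\Public Documents\Windows Movie Player\player.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
"""


class Finding(NamedTuple):
    rule: str    # label chosen for this example, not a HijackThis term
    detail: str
    line: str


# "O1 - Hosts: <address> <hostname>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# "O4 - <location>: [<value name>] <command>" (the [name] part is optional)
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+):\s+(?:\[(?P<name>[^\]]*)\]\s+)?(?P<cmd>.+)$"
)
# Assumed heuristic: locations a standard user can write to.
USER_WRITABLE_RE = re.compile(
    r"[a-z]:\\users\\|%(?:appdata|localappdata|temp|userprofile)%", re.I
)
REGSVR32_RE = re.compile(r"\bregsvr32(?:\.exe)?\b", re.I)


def check_hosts(line: str) -> Optional[Finding]:
    """Flag hosts entries that send a name to a non-loopback address."""
    m = O1_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return Finding("hosts-unparsable-address", m["ip"], line)
    # 127.0.0.1 / ::1 are normal; 0.0.0.0 is the usual block-list form.
    if ip.is_loopback or ip.is_unspecified:
        return None
    host = m["host"].lower()
    if host == "localhost":
        return Finding("hosts-localhost-remapped", f"localhost -> {ip}", line)
    return Finding("hosts-domain-redirect", f"{host} -> {ip}", line)


def check_autorun(line: str) -> Optional[Finding]:
    """Flag autoruns whose command refers to a user-writable location."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m["cmd"]
    if not USER_WRITABLE_RE.search(cmd):
        return None
    label = m["name"] or m["loc"]
    # regsvr32 loads the named DLL and runs its (un)registration routine, so
    # a Run entry aimed at a DLL in a user profile runs that DLL at each logon.
    if REGSVR32_RE.search(cmd):
        return Finding("autorun-regsvr32-user-dll", label, line)
    return Finding("autorun-user-writable-path", label, line)


def triage(log_text: str) -> List[Finding]:
    """Return the findings for every O1/O4 line of a HijackThis log, in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = check_hosts(line) or check_autorun(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.detail:22} {f.line}")
```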
23 July 2010 03:36:29

Thanks for your reply :)

Yes, I have Open Office.

I am going to run the scan, but Form1 is still there :(

Here is the result:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/07/2010 03:44:34
mbam-log-2010-07-23 (03-44-34).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 128880
Temps écoulé: 4 minute(s), 40 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 266

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Roufat\AppData\Roaming\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Roufat\AppData\Roaming\m\shared\Norton SystemWorks 2003 v6.0 build 50.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\NTI Dragon Disc v2.0.7.0 Incl Keymaker by ARN.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Number Hunt 1.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\OO Defrag v12.x Professional Edition by CORE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\OraLobEditor 1.2.2.5 Incl Keymaker by AGAiN.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\OrCAD Unison Suite v9.2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Paraben's Ring Master 2.01 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PC Currency Calculator Pro v2.8.0.0 by iNC0DE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PCMark Vantage Basic 1.0.1.0 (Installer & Patch).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Pegasys TMPGEnc XPress v3.0.4.24 Incl LicGen by PARADOX.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\pgware pcboost 3.4.19.2004 crack by REVENGE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PhoneWolf v2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PIC Simulator IDE v5.11.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Pointdev Ideal Administration Advanced v5.3 WinNT2KXP Incl Keymaker by Core.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Poker Superstars II v1.0.0.137 WinALL Incl Keygen by ECLiPSE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PokerAce Hud v1.18.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Power Edit 2.23.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PowerMILL v3.108.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PowerZip v7.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Privacy Fence v1.4 by TBE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\PULSE MP3 Master 2.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\QIFCategories 1.2 for Mac.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Random Password Generator Pro 8.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\RandomScreen Deluxe 3.10.1 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Rappel Date v3.2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Recipe Organizer 3.6a (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\ReGet Deluxe 3.1 Build 137.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Resident Evil 5 _MULTI9_ No-DVD-Fixed Image.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Resource Tuner v1.93.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\ResumeGrabber Standard 2009 5.5.0.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\ReTreeval 1.00a-key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\RichOrPoor 1.8.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Rip Audio CD Wizard 1.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\RM To MP3 Converter 1.30.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\RoboMind - Learn Programming 2.2.1 (crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\RSSEditor v1.0 WinALL Keymaker Only by BRD.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\RunIt 1.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\SaveFor 1.0.37.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\SchemaToDoc With Table Annotator 2.8.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Scrabble v2.0 _ALL_ No-CD Fixed EXE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Secure Notes Organizer 3.0.11.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Serials 2000 Update _060104_.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Service Record 5.5.4 crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Signal v1.1.1.1 Retail for PocketPC by RLYEH.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Simply Calenders 3.3.378 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Sins of a Solar Empire v1.05 _14 TRAINER.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Slide Show to Go 7.1.0.68.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Slot Music 4.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Sniff-em 1.12.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Sony Sound Forge 7.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Spell Catcher 8.0 for Mac.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Stardock DesktopX v0.95 Build 154.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\StarDotZip 1.70.737 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\StarMoney Business v2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Starscape.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\SystemShield v2.0b Pro Edition.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Tac32Plus 2.4.2.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TaoNotes 2006.3D Pro v3.26 Cracked by ARN.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TBS Cover Editor 1.7.2.181 CrAcKed.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TechTools Pro 4.1.2 for Mac (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Tennis Organizer Deluxe v2.4 WinALL Incl Keygen by TBE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TextBridge Pro 98.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Theorist 1.51 for Mac.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TinyDB Engine 2.92.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Tolgasoft EasyStation Win98 Yamas Turkish by GCT.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Total Recorder Pro v4.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Transcribe 2.00.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TraxTime 5.09.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Tropical Ocean.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\True Audio TrueRTA Level 4 v3.2 incl KeyGen by BEAT.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Tsunami MPeG Encoder Plus 2.58.44.152.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TTS Power Systems DataMaster 8D v3.4.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TuneUp Utilities 2004 v4.1.2318 Incl Keygen INTERNAL by dT.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\TurboMemory 1.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Understand for Java v1.4.279 by EMBRACE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Upscene Database Workbench Pro v3.0.4.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Urban Chaos v1.0 _GERMAN_ Fixed EXE.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\V-Talking 3.0 RC6 crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\VideoGet v3.0.2.45 by UST.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Viewer for MS Outlook Messages 1.30 Build 124.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Visual Day Planner v7.2 by PC.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Visustin Flow Chart Generator v4.03 Hacktool.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Weight Whiz 1.1 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\WeqSoft WMA Merger v1.0 by FOFF.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\WinCheckIt 4.0 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Windows XP Profesional wsp2.5.1.2600 Service Pack 2 build 2600 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\WinDVD Creator 2.x (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\WinPac 2 1.03 (Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\WinRescue 2000 v2.08.34 by DVT.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\WinSpeedUp 2.6.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Roufat\AppData\Roaming\m\shared\Zealot AVI to VCD SVCD DVD Converter v1.3.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
23 July 2010 08:34:04

Hi,

You have a Bagle infection, among other things; can you run FindyKill?

  • Download FindyKill (by El Desaparecido) to your Desktop.
  • Double-click FindyKill on your Desktop.
  • Type F then Enter for French.
  • In the main menu, choose option 1 (Recherche / Search).
  • Post the FindyKill.txt report.

    Note: the FindyKill.txt report is saved at the root of the disk.
    23 July 2010 12:07:43

    Here it is



    ############################## | FindyKill V5.045 |

    # User : Roufat (Administrateurs) # ROUFAT-PC
    # Update on 23/06/2010 by El Desaparecido
    # Start at: 12:06:59 | 23/07/2010
    # Website : http://pagesperso-orange.fr/NosTools/index.html
    # Contact : FindyKill.Contact@gmail.com

    # Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
    # Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
    # Internet Explorer 8.0.7600.16385
    # Windows Firewall Status : Enabled

    # C:\ # Disque fixe local # 149,05 Go (32,53 Go free) # NTFS
    # D:\ # Disque fixe local # 298,09 Go (25,03 Go free) # NTFS
    # E:\ # Disque CD-ROM

    ################## | Eléments infectieux |

    C:\Users\Roufat\AppData\Roaming\drivers

    ################## | Registre |

    [HKCR\ed2k]
    [HKCU\Software\Classes\ed2k]

    ################## | Etat |

    # Affichage des fichiers cachés : OK

    # Mode sans echec : OK

    # Uac : OK

    # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
    # EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
    # Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
    # SharedAccess -> Start = 3 ( Good = 2 | Bad = 4 )
    # windefend -> Start = 2 ( Good = 2 | Bad = 4 )
    # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
    # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

    ################## | ! Fin du rapport # FindyKill V5.045 ! |

    23 July 2010 12:17:14

    MBAM had done its job well. You can re-run FindyKill, choosing Suppression (Deletion) this time (option 2).
    23 July 2010 23:35:14

    Here's the result, but Form1 is still there :/




    ############################## | FindyKill V5.045 |

    # User : Roufat (Administrateurs) # ROUFAT-PC
    # Update on 23/06/2010 by El Desaparecido
    # Start at: 17:28:08 | 23/07/2010
    # Website : http://pagesperso-orange.fr/NosTools/index.html
    # Contact : FindyKill.Contact@gmail.com

    # Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
    # Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
    # Internet Explorer 8.0.7600.16385
    # Windows Firewall Status : Enabled

    # C:\ # Disque fixe local # 149,05 Go (32,1 Go free) # NTFS
    # D:\ # Disque fixe local # 298,09 Go (25,03 Go free) # NTFS
    # E:\ # Disque CD-ROM

    ################## | Eléments infectieux |

    Supprimé ! C:\Users\Roufat\AppData\Roaming\drivers

    ################## | MD5 ... |


    ################## | CRC32 ... |

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\4VIDEO~1.ZIP
    -> Contain key_gen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\7TOOLS~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ABCOMM~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ACTIVE~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ACTIVI~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ADOBEI~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ADOBEP~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ADULTP~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ADVANC~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ADVANC~2.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ADVOCA~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\AEPRYU~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\AEROTA~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\AGLARE~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ALTDOV~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ALY'SS~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\AMADIS~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ANCEST~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ANEESO~1.ZIP
    -> Contain key_gen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ANGELF~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ANTSLO~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ANYDVD~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\AREA51~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ATOMIX~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\AYESHU~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\BESTAF~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\BESTAD~1.ZIP
    -> Contain run.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\BLACKW~1.ZIP
    -> Contain run.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\BMZBAU~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\BOPUPM~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\BURNIN~1.ZIP
    -> Contain patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CAETRU~1.ZIP
    -> Contain key_gen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CAROTE~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CCMAIL~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CHECKI~1.ZIP
    -> Contain run.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CHEETA~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CHEETA~2.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CHESSR~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CHORES~1.ZIP
    -> Contain key_gen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CITYTR~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CLICKB~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CLIPPA~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\COLLEC~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\COMICB~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CONQUE~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\COOLFO~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\COUNTE~1.ZIP
    -> Contain run.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\COVERE~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CRITTE~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CROSST~1.ZIP
    -> Contain key_gen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CRYSTA~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CYBERG~1.ZIP
    -> Contain key_gen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\CYCLIN~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DECLAN~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DESIGN~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DIRLIS~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DIRWAT~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DLLSHO~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DOWNFA~1.ZIP
    -> Contain patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DRIVED~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DRIVES~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DVDXST~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\DVDFAB~1.ZIP
    -> Contain patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EASYCD~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EASYDV~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EASYPL~1.ZIP
    -> Contain run.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EASYTR~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EBPCOM~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EDITIX~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\EISHOC~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\ELECAR~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\F-PROT~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FASTCP~1.ZIP
    -> Contain key_generator.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FINEPR~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FIREHA~1.ZIP
    -> Contain crac.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FIREWO~1.ZIP
    -> Contain keygen.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FLAMEO~1.ZIP
    -> Contain install_crack.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FLASHP~1.ZIP
    -> Contain install_patch.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FLYCRY~1.ZIP
    -> Contain install.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FTPEXP~1.ZIP
    -> Contain serial.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FTPGET~1.ZIP
    -> Contain setup.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F

    Supprimé ! D:\MESDOC~1\Divers\Back\NOUVEA~1\AppData\Roaming\m\shared\FULLDI~1.ZIP
    -> Contain run.exe |Size : 841728 |With Bagle CRC32 : D1DDE91F


    ################## | Registre |

    Supprimé ! [HKCR\ed2k]

    ################## | Etat |

    # Mode sans echec : OK


    # Affichage des fichiers cachés : OK

    # Uac : OK

    # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
    # EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
    # Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
    # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
    # windefend -> Start = 2 ( Good = 2 | Bad = 4 )
    # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
    # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

    ################## | Fichiers corrompus |

    ... OK !

    ################## | Upload |

    Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_Roufat-PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php
    Merci pour votre contribution .

    ################## | ! Fin du rapport # FindyKill V5.045 ! |

    23 July 2010 23:51:48

    Hi,

    Let's generate a log with RSIT:

    *Download RSIT (thanks to random/random) to the Desktop: Here
    Double-click RSIT.exe; it does not need to be installed.
    Click Continue on the Disclaimer screen if you accept the terms.
    -If HijackThis is not detected on your PC, it will download it (allow access in your firewall if prompted and accept the license).
    When the scan is finished, two text files will open.
    Post the contents of log.txt (the one that opens) as well as info.txt, which is in the taskbar

    NB: These reports are saved in the C:\rsit folder
    24 July 2010 01:59:37

    Here you go


    Info.txt



    info.txt logfile of random's system information tool 1.08 2010-07-24 01:52:33

    ======Uninstall list======

    -->MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
    µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
    Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
    Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
    Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
    Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
    Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
    Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
    Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
    Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
    Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
    Adobe Reader 9.3.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
    AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
    adsl TV-->"C:\Program Files\adslTV\Uninstall.exe" "C:\Program Files\adslTV\Uninstall.log" -u
    APB Europe-->"C:\Program Files\Realtime Worlds\APB Europe\Désinstaller.exe"
    Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x040c -removeonly
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
    CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr)-->"C:\Program Files\CFWebAdvancedU_BOBTV.FR\Uninstall.exe"
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    Code de la Route-->MsiExec.exe /X{A37A26D5-8444-4862-933B-478371D0299D}
    Command & Conquer™ Alerte Rouge 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
    Company of Heroes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4560
    Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    Converter-->MsiExec.exe /I{1EC3AB6C-C091-BD4E-AB27-56F653CBE899}
    Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
    Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
    DefragExpress!-->C:\Program Files\DiskTrix\DefragExpress\Uninstall.EXE /u:"DefragExpress!"
    Désinstaller l'imprimante EPSON SX210 Series-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSFDE.EXE /R /APD /P:"EPSON SX210 Series"
    D-Link VGA Webcam-->C:\Windows\CleanDev.exe C:\Windows\ov519.TXT
    EAX(tm) Unified (SHELL)-->C:\Windows\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    FMRTE-->MsiExec.exe /I{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}
    Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
    Fraps (remove only)-->"C:\Fraps\uninstall.exe"
    Full Tilt Poker-->C:\Program Files\Full Tilt Poker\uninstall.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
    HashCheck Shell Extension (x86-32)-->regsvr32.exe /u /i /n "C:\Windows\system32\ShellExt\HashCheck.dll"
    HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe"
    Infineon USB driver 1.0.0.6-->"C:\Program Files\infineon\FlashUtility\drivers\Infineon USB driver\V1.0.0.6\unins000.exe"
    iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
    Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
    K-Lite Mega Codec Pack 4.1.4-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
    Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
    LG USB Modem Driver-->"C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -runfromtemp -l0x040c LG -removeonly
    LimeWire PRO 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
    Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}\setup.exe" -l0x40c -removeonly
    LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
    LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
    Ma-Config.com-->MsiExec.exe /X{B9706D6B-754E-4D81-8EE9-393008D57EDB}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Mega Manager-->"C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
    Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
    Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Movies2iPhone .74b-->C:\Program Files\Movies2iPhone\uninst.exe
    Mozilla Firefox (3.6.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
    NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
    NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\flashusb.inf_x86_neutral_90f2ee6ff352e406\flashusb.inf
    PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    PunkBuster Services-->C:\Windows\system32\pbsvc_apb.exe -u
    QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
    Revo Uninstaller 1.89-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    rFactor (remove only)-->"C:\Program Files\rFactor\Uninstall.exe"
    Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
    RomStation-->C:\Program Files\RomStation\Uninstal.exe
    Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
    Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
    Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
    Team Players Corvette C6R-->MsiExec.exe /X{90B73122-6D92-44D2-BBD4-811F98DA88B1}
    TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
    TeamSpeak Client-->"C:\Program Files\TeamSpeak3\unins000.exe"
    TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
    Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
    TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
    Turbo Key-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}\setup.exe" -l0x40c
    TWIN PS TO PC CONVERTER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}\setup.exe" -l0x9
    USB Flash Port Driver-->MsiExec.exe /I{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}
    Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
    Vegas Pro 9.0-->MsiExec.exe /X{DC785DB7-D389-48C3-B146-96FE99BF4E2B}
    VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

    ======Hosts File======

    79.106.2.131 localhost
    79.106.2.131 facebook.com

    ======System event log======

    Computer Name: Roufat-PC
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\DR11 lors d'une opération de pagination.
    Record Number: 8104
    Source Name: Disk
    Time Written: 20100215004154.004831-000
    Event Type: Avertissement
    User:

    Computer Name: Roufat-PC
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\DR7 lors d'une opération de pagination.
    Record Number: 8046
    Source Name: Disk
    Time Written: 20100214212329.944900-000
    Event Type: Avertissement
    User:

    Computer Name: Roufat-PC
    Event Code: 8032
    Message: Le service Explorateur d’ordinateur a rencontré un nombre d’échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{EF991605-F426-4D2B-9CCD-49BFD1DA6055}. L’explorateur secondaire s’arrête.
    Record Number: 8037
    Source Name: BROWSER
    Time Written: 20100214210449.000000-000
    Event Type: Erreur
    User:

    Computer Name: Roufat-PC
    Event Code: 8021
    Message: Le service Explorateur n’a pas pu retrouver la liste des serveurs du maître explorateur \\KD-PC sur le réseau \Device\NetBT_Tcpip_{EF991605-F426-4D2B-9CCD-49BFD1DA6055}.

    Maître explorateur : \\KD-PC
    Réseau : \Device\NetBT_Tcpip_{EF991605-F426-4D2B-9CCD-49BFD1DA6055}

    Cet événement peut être causé par une perte temporaire de connectivité réseau. Si ce message apparaît à nouveau, vérifiez que le serveur est toujours connecté au réseau. Le code renvoyé est dans la boîte de texte Données.
    Record Number: 8034
    Source Name: BROWSER
    Time Written: 20100214210314.000000-000
    Event Type: Avertissement
    User:

    Computer Name: Roufat-PC
    Event Code: 8003
    Message: Le maître explorateur a reçu une annonce de serveur de l’ordinateur KD-PC qui pense qu’il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{EF991605-F426-4D2B-9CCD-49BFD1DA6055. Le maître explorateur s’arrête ou une élection est provoquée.
    Record Number: 8028
    Source Name: bowser
    Time Written: 20100214210103.518337-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: Roufat-PC
    Event Code: 1000
    Message: Nom de l’application défaillante EasyRecovery.exe, version : 1.0.27.30, horodatage : 0x3ce7075e
    Nom du module défaillant : engine.dll, version : 1.0.16.19, horodatage : 0x3ce6f09a
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x00009a0d
    ID du processus défaillant : 0xe74
    Heure de début de l’application défaillante : 0x01caa622058a929d
    Chemin d’accès de l’application défaillante : C:\Program Files\Ontrack\EasyRecovery Professional\EasyRecovery.exe
    Chemin d’accès du module défaillant: C:\Program Files\Ontrack\EasyRecovery Professional\engine.dll
    ID de rapport : 637fc734-1215-11df-8906-90e6ba6792fe
    Record Number: 381
    Source Name: Application Error
    Time Written: 20100205051452.000000-000
    Event Type: Erreur
    User:

    Computer Name: Roufat-PC
    Event Code: 8194
    Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
    . Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

    Opération :
    Données du rédacteur en cours de collecte

    Contexte :
    ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
    Nom du rédacteur: System Writer
    ID d’instance du rédacteur: {6e3d7d57-ae31-4486-9617-7a7f002185f4}
    Record Number: 367
    Source Name: VSS
    Time Written: 20100205051328.000000-000
    Event Type: Erreur
    User:

    Computer Name: Roufat-PC
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2800679503-3826032511-913894979-1000:
    Process 468 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2800679503-3826032511-913894979-1000

    Record Number: 213
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20100205040324.551946-000
    Event Type: Avertissement
    User: AUTORITE NT\Système

    Computer Name: Roufat-PC
    Event Code: 8194
    Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
    . Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

    Opération :
    Données du rédacteur en cours de collecte

    Contexte :
    ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
    Nom du rédacteur: System Writer
    ID d’instance du rédacteur: {06f74cc7-42b9-411b-a235-8ff3bfa5102b}
    Record Number: 116
    Source Name: VSS
    Time Written: 20100205033444.000000-000
    Event Type: Erreur
    User:

    Computer Name: Roufat-PC
    Event Code: 1008
    Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}.

    Record Number: 97
    Source Name: Microsoft-Windows-Search
    Time Written: 20100205033432.000000-000
    Event Type: Avertissement
    User:

    =====Security event log=====

    Computer Name: Roufat-PC
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-0-0
    Nom du compte : -
    Domaine du compte : -
    ID d’ouverture de session : 0x0

    Type d’ouverture de session : 3

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x16e820f
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x0
    Nom du processus : -

    Informations sur le réseau :
    Nom de la station de travail : KD-PC
    Adresse du réseau source : 5.159.21.98
    Port source : 55867

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : NtLmSsp
    Package d’authentification : NTLM
    Services en transit : -
    Nom du package (NTLM uniquement) : NTLM V1
    Longueur de la clé : 128

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 18283
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100510172834.032483-000
    Event Type: Succès de l’audit
    User:

    Computer Name: Roufat-PC
    Event Code: 4634
    Message: Fermeture de session d’un compte.

    Sujet :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID du compte : 0x16d764c

    Type d’ouverture de session : 3

    Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
    Record Number: 18282
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100510172633.684599-000
    Event Type: Succès de l’audit
    User:

    Computer Name: Roufat-PC
    Event Code: 4634
    Message: Fermeture de session d’un compte.

    Sujet :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID du compte : 0x16d7637

    Type d’ouverture de session : 3

    Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
    Record Number: 18281
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100510172633.678599-000
    Event Type: Succès de l’audit
    User:

    Computer Name: Roufat-PC
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-0-0
    Nom du compte : -
    Domaine du compte : -
    ID d’ouverture de session : 0x0

    Type d’ouverture de session : 3

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x16d764c
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x0
    Nom du processus : -

    Informations sur le réseau :
    Nom de la station de travail : PC-DE-FOUAD
    Adresse du réseau source : 192.168.0.2
    Port source : 49442

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : NtLmSsp
    Package d’authentification : NTLM
    Services en transit : -
    Nom du package (NTLM uniquement) : NTLM V1
    Longueur de la clé : 128

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 18280
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100510172623.276004-000
    Event Type: Succès de l’audit
    User:

    Computer Name: Roufat-PC
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-0-0
    Nom du compte : -
    Domaine du compte : -
    ID d’ouverture de session : 0x0

    Type d’ouverture de session : 3

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x16d7637
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x0
    Nom du processus : -

    Informations sur le réseau :
    Nom de la station de travail : PC-DE-FOUAD
    Adresse du réseau source : 192.168.0.2
    Port source : 49441

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : NtLmSsp
    Package d’authentification : NTLM
    Services en transit : -
    Nom du package (NTLM uniquement) : NTLM V1
    Longueur de la clé : 128

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 18279
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100510172623.230001-000
    Event Type: Succès de l’audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
    "NUMBER_OF_PROCESSORS"=2
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
    "PROCESSOR_REVISION"=170a
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------


    Log.txt

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Roufat at 2010-07-24 01:52:23
    Microsoft Windows 7 Édition Intégrale
    System drive C: has 33 GB (21%) free of 153 GB
    Total RAM: 3583 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:52:30, on 24/07/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\regsvr32.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Roufat\Desktop\RSIT.exe
    C:\Program Files\trend micro\Roufat.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 79.106.2.131 localhost
    O1 - Hosts: 79.106.2.131 facebook.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Windows] "C:\Users\Public\Public Documents\Windows Movie Player\player.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Système')
    O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
    O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --
    End of file - 22870 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\DefragExpress.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
    Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-12-01 108544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-07 41760]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-11-12 81000]
    "HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-05-14 1409024]
    "Turbo Key"=C:\Program Files\ASUS\Turbo Key\TurboKey.exe [2009-04-09 1768448]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-02-13 2166784]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "B2C_AGENT"=C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [2010-05-20 317368]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows"=C:\Users\Public\Public Documents\Windows Movie Player\player.exe [2009-02-27 679936]
    "Steam"=c:\program files\steam\steam.exe [2010-05-07 1238352]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
    "DessinOpenDocument"=regsvr32 /s /u C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=0
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "UacDisableNotify"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2010-07-24 01:52:23 ----D---- C:\rsit
    2010-07-24 01:52:23 ----D---- C:\Program Files\trend micro
    2010-07-23 17:28:06 ----A---- C:\FyK.txt
    2010-07-23 12:06:08 ----D---- C:\FyK
    2010-07-23 03:38:10 ----D---- C:\Users\Roufat\AppData\Roaming\Malwarebytes
    2010-07-23 03:38:01 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
    2010-07-23 03:38:00 ----D---- C:\ProgramData\Malwarebytes
    2010-07-23 03:38:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-07-23 03:38:00 ----A---- C:\Windows\system32\drivers\mbam.sys
    2010-07-20 11:49:50 ----ASH---- C:\pagefile.sys
    2010-07-19 20:38:25 ----D---- C:\Users\Roufat\AppData\Roaming\NVIDIA
    2010-07-19 15:44:34 ----A---- C:\Windows\system32\pbsvc_apb.exe
    2010-07-19 13:27:45 ----D---- C:\Program Files\Realtime Worlds
    2010-07-11 12:34:37 ----A---- C:\Windows\system32\uxtuneup.dll
    2010-07-11 12:34:37 ----A---- C:\Windows\system32\authuitu.dll
    2010-07-05 19:08:08 ----D---- C:\Program Files\MSXML 4.0
    2010-07-04 21:20:08 ----D---- C:\Program Files\DIFX
    2010-07-04 21:20:06 ----D---- C:\Program Files\infineon
    2010-07-04 21:20:06 ----A---- C:\Windows\system32\drivers\FlashUsb.sys
    2010-07-04 21:19:26 ----D---- C:\Program Files\LG Electronics
    2010-07-04 21:13:31 ----A---- C:\Windows\system32\msxml4r.dll
    2010-07-04 21:13:31 ----A---- C:\Windows\system32\msxml4a.dll
    2010-07-04 21:13:31 ----A---- C:\Windows\system32\lgAxconfig.ini
    2010-07-04 21:13:31 ----A---- C:\Windows\system32\CommonDL.dll
    2010-07-04 20:38:59 ----D---- C:\ProgramData\LGMOBILEAX
    2010-06-30 22:06:37 ----D---- C:\Program Files\RomStation
    2010-06-25 22:06:13 ----D---- C:\Program Files\rFactor

    ======List of files/folders modified in the last 1 months======

    2010-07-24 01:52:30 ----D---- C:\Windows\Prefetch
    2010-07-24 01:52:28 ----D---- C:\Windows\Temp
    2010-07-24 01:52:23 ----RD---- C:\Program Files
    2010-07-23 23:38:27 ----D---- C:\Program Files\Steam
    2010-07-23 17:29:42 ----A---- C:\Windows\win.ini
    2010-07-23 17:29:29 ----D---- C:\Windows\system32\wdi
    2010-07-23 17:27:42 ----D---- C:\ProgramData\NVIDIA
    2010-07-23 17:26:27 ----D---- C:\Windows\system32\config
    2010-07-23 12:23:46 ----SHD---- C:\System Volume Information
    2010-07-23 12:12:13 ----D---- C:\Users\Roufat\AppData\Roaming\uTorrent
    2010-07-23 03:45:52 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
    2010-07-23 03:45:51 ----D---- C:\Windows\system32\drivers
    2010-07-23 03:38:00 ----HD---- C:\ProgramData
    2010-07-23 03:27:47 ----D---- C:\Windows\Minidump
    2010-07-23 03:27:37 ----D---- C:\Windows
    2010-07-23 01:40:16 ----A---- C:\Windows\system32\PnkBstrB.exe
    2010-07-22 19:08:12 ----D---- C:\Windows\System32
    2010-07-22 13:26:15 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-21 19:05:55 ----D---- C:\Windows\debug
    2010-07-21 09:41:54 ----D---- C:\Program Files\Common Files\Steam
    2010-07-19 15:44:34 ----A---- C:\Windows\system32\PnkBstrA.exe
    2010-07-19 13:27:38 ----D---- C:\Program Files\KONAMI
    2010-07-19 13:25:38 ----SHD---- C:\Windows\Installer
    2010-07-19 13:25:37 ----SHD---- C:\Config.Msi
    2010-07-17 02:12:57 ----D---- C:\Users\Roufat\AppData\Roaming\CamfrogWEB
    2010-07-16 01:14:07 ----D---- C:\Windows\system32\catroot2
    2010-07-15 21:25:25 ----D---- C:\Program Files\adslTV
    2010-07-15 21:11:40 ----D---- C:\Users\Roufat\AppData\Roaming\vlc
    2010-07-11 12:34:26 ----D---- C:\Program Files\TuneUp Utilities 2010
    2010-07-07 18:50:30 ----D---- C:\Users\Roufat\AppData\Roaming\Skype
    2010-07-07 16:09:24 ----D---- C:\Users\Roufat\AppData\Roaming\skypePM
    2010-07-06 14:12:40 ----A---- C:\Windows\system32\TURegOpt.exe
    2010-07-05 19:08:53 ----D---- C:\Windows\winsxs
    2010-07-05 18:35:13 ----D---- C:\Program Files\VS Revo Group
    2010-07-04 22:56:55 ----D---- C:\Windows\inf
    2010-07-04 22:56:07 ----D---- C:\Windows\system32\DriverStore
    2010-07-04 21:20:08 ----D---- C:\Windows\system32\catroot
    2010-07-04 21:19:25 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-07-04 21:18:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-07-04 13:51:19 ----RSD---- C:\Windows\assembly
    2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
    2010-06-25 22:05:49 ----D---- C:\Users\Roufat\AppData\Roaming\FileZilla

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
    R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-05 691696]
    R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-18 12400]
    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-12 23152]
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-12 110160]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-12 50656]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
    R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2006-01-10 31846]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-02-13 142592]
    R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-12 20560]
    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-12 51792]
    R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
    R3 hid8101;hid8101; C:\Windows\system32\drivers\hid8101.SYS [2006-10-23 31899]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-08-23 48640]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-21 7680]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-05-08 1047552]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2006-06-06 11136]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2006-06-06 46208]
    S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
    S3 anjxbtjr;anjxbtjr; C:\Windows\system32\drivers\anjxbtjr.sys []
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2010-02-11 14336]
    S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
    S3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2009-08-07 12288]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-02-17 101504]
    S3 ovt519;Eye Toy; C:\Windows\System32\Drivers\ov519vid.sys [2009-11-09 174530]
    S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
    S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2010-07-23 138624]
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
    S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
    S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
    S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
    S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
    S3 W
    25 July 2010 08:31:51

    I found what "Form1" corresponds to in the processes: it's "Sharetest".

    I don't know what it is, but it starts at every boot. I looked on the net but found nothing about it.
    26 July 2010 09:46:47

    Hi,

    Sorry for the delay, I was super busy this weekend.
    So, we'll start by cleaning your hosts file.

    Download R-Hosts (by S!ri).

    Launch R-Hosts by double-clicking the exe, then click Restore ("restaurer"), then OK.

    However, I don't see any trace of Sharetest launching at startup in your logs.
    26 July 2010 11:14:14

    Hi :)

    Small problem, it doesn't work :)  I have Seven :'(
    26 July 2010 14:10:33

    Arf...
    Start, type "notepad", right-click the Notepad icon and choose "Run as administrator".
    Once in Notepad, go to File / Open.
    In the window, where you enter the file name, paste this:
    %windir%\system32\drivers\etc\hosts

    Then click Open.

    That should open the file, with two lines that look like this (the last 2, I suppose):
    79.106.2.131 localhost
    79.106.2.131 facebook.com

    Delete these two lines, save and close Notepad.
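
As an added example (not part of the original post, and not code from any tool named in the thread): a small Python audit of a hosts file that flags the kind of entries described above, `localhost` mapped to a non-loopback address and an ordinary domain pinned to a fixed address. The sample text, the function names and the review rules are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample modelled on the hosts file described in the post above:
# the two quoted entries plus one harmless loopback entry for contrast.
SAMPLE_HOSTS = """\
# Constructed sample, modelled on the hosts file described in the thread.
#\t127.0.0.1       localhost
#\t::1             localhost
79.106.2.131 localhost
79.106.2.131 facebook.com
127.0.0.1 tracker.example.invalid   # local sinkhole entry, not flagged
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for every active (non-comment) entry."""
    text = text.lstrip("\ufeff")  # Notepad may have saved a byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].split()
        if len(active) >= 2:
            names = [n.lower().rstrip(".") for n in active[1:]]
            yield line_no, active[0], names


def audit_hosts(text):
    """Return (line_no, name, address, reason) for entries that need review."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, " ".join(names), addr, "unparseable address"))
            continue
        for name in names:
            if name == "localhost":
                # localhost must resolve to the machine itself (127.0.0.0/8 or ::1).
                if not ip.is_loopback:
                    findings.append((line_no, name, addr,
                                     "localhost mapped to a non-loopback address"))
            elif not (ip.is_loopback or ip.is_unspecified):
                # Loopback and 0.0.0.0 entries only block a name; anything else
                # silently redirects it and overrides DNS.
                findings.append((line_no, name, addr,
                                 "name pinned to a fixed non-local address, overriding DNS"))
    return findings


def audit_file(path=None):
    """Audit the live hosts file (default: the path quoted in the post)."""
    if path is None:
        windir = os.environ.get("windir", r"C:\Windows")
        path = os.path.join(windir, "system32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="replace") as handle:
        return audit_hosts(handle.read())


if __name__ == "__main__":
    for line_no, name, addr, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}: {reason}")
```

Entries that pin a name to an internal server are flagged too; the output is a review list, so each hit still has to be confirmed against what the machine's owner set up deliberately.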
    26 July 2010 17:42:04

    It's done.

    I also have a problem with Firefox: at the bottom right it shows "En attente de 74.55.39.45..." ("Waiting for 74.55.39.45...")

    Does that come from this Form1 too?
    26 July 2010 20:03:09

    Well, since the following line bothers me, let's try to remove it:
    O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"

    Run HijackThis again (right-click -> run as administrator under Vista), do a system scan only, and check these lines (if still present):
    O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"

    Close all running applications (especially your web browser).
    Then Fix Checked!

    Run another HijackThis scan to make sure the line is gone. Then restart your PC, and tell me if you still have this problem.
    27 July 2010 02:17:19

    well ^^ so

    good news, Firefox doesn't bug any more, everything displays fine

    but!

    Form1 is still there :s
    27 July 2010 10:06:48

    OK, so it was indeed malicious...
    Do you know when your problems started? So that we can try to see whether there are other malicious files linked to this DessinOpenDocument.
    Try to check the creation date of the folder C:\Users\Roufat\AppData\Local\Dessin (AppData is a hidden folder).
    27 July 2010 11:30:35

    Created: Saturday 12 June 2010, 04:25:13

    There you go
    27 July 2010 12:18:56

    That's why RSIT didn't bring up this information, since it only covered 30 days.

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (Under Vista/Win7, you have to right-click OTL and choose Run as administrator)
  • A window appears. In the Report section ("Rapport") at the top of this window, check Minimal report ("Rapport minimal").
  • In the file scan section ("Analyse des fichiers"), under file age ("Âge du fichier"), set 60 days.
  • Also check the boxes next to the Lop check ("Recherche Lop") and the Purity check ("Recherche Purity").
  • Finally, click the scan button ("Analyse"). The scan won't take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTL (so on the Desktop by default).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Browse... ("Parcourir...") and find the report file you want to send me.
  • Click Open.
  • Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste this link into your reply.
    27 July 2010 16:50:48

    There is a line that we didn't have in HijackThis:
    O4 - HKCU..\Run: [Windows] C:\Users\Public\Public Documents\Windows Movie Player\player.exe ()

    Try to check whether it's there in HijackThis.

    If it is, do the same thing as above (check it, Fix Checked, restart).

    And you can delete the folder C:\Users\Roufat\AppData\Local\Dessin and the folder C:\Users\Public\Public Documents\Windows Movie Player\
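
The two startup entries singled out in this thread (the `regsvr32` line and the `player.exe` line), as an added example that is not part of the original posts: a Python triage of HijackThis/OTL `O4` lines that flags Run entries started through a DLL or script host, or pointing into a user-writable directory. The two heuristics, the launcher list and all function names are assumptions of this example; a flag means "review this entry", not a verdict.

```python
import re

# O4 lines copied from the HijackThis and OTL output quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DessinOpenDocument] regsvr32 /s /u "C:\Users\Roufat\AppData\Local\Dessin\DessinOpenDocument.dll"
O4 - HKCU..\Run: [Windows] C:\Users\Public\Public Documents\Windows Movie Player\player.exe ()
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
"""

# Accepts "HKCU\..\Run" (HijackThis), "HKCU..\Run" (OTL) and "HKUS\<SID>\..\Run".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\?\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# A drive-letter path ending in an executable or script extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js)(?=["\s]|$)', re.I
)
# Assumed list of Windows hosts that run the DLL or script given as argument.
LAUNCHERS = {"regsvr32", "rundll32", "wscript", "cscript", "mshta"}
# Assumed markers for locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\")


def triage_line(line):
    """Parse one O4 line; return a dict with review reasons, or None."""
    match = O4_RE.match(line.strip())
    if match is None:
        return None
    cmd = match["cmd"]
    reasons = []

    # First word of the command, reduced to a bare program name.
    words = cmd.lstrip('"').split()
    base = words[0].lower().rsplit("\\", 1)[-1] if words else ""
    if base.endswith(".exe"):
        base = base[:-4]
    if base in LAUNCHERS:
        reasons.append(f"started through {base}, which loads the file passed to it")

    paths = [p.lower() for p in PATH_RE.findall(cmd)]
    if any(marker in path for path in paths for marker in USER_WRITABLE):
        reasons.append("target sits in a user-writable directory")

    return {"hive": match["hive"], "name": match["name"],
            "command": cmd, "reasons": reasons}


def triage_log(text):
    """Return the parsed O4 entries that carry at least one review reason."""
    parsed = (triage_line(line) for line in text.splitlines())
    return [entry for entry in parsed if entry and entry["reasons"]]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(f'{entry["hive"]} Run [{entry["name"]}]: ' + "; ".join(entry["reasons"]))
```

On the sample, only the `DessinOpenDocument` and `Windows` entries are returned; entries that use environment variables instead of a drive-letter path are not resolved and therefore never match the directory rule.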
    27 July 2010 18:32:23

    Hey, good news

    FORM1 has disappeared!!

    Thank you very much for your help, Omar :)

    You're the best!
    27 July 2010 18:41:44

    The best, I don't know :)

    What worries me is that there was no trace of this Windows Movie Player in the previous HijackThis logs. I imagine there are 3 possibilities:
  • either you got re-infected since then
  • or there is another infection that I didn't see and that installed it
  • or DessinOpenDocument made it possible to hide Windows Movie Player...

    To check, could you make another HijackThis log, then do a quick run of MBAM?
    27 July 2010 23:22:11

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:21:28, on 27/07/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    D:\Mes Documents\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Système')
    O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
    O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 7824 bytes
    27 July 2010 23:27:47

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4359

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/07/2010 23:27:40
    mbam-log-2010-07-27 (23-27-40).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 130064
    Temps écoulé: 4 minute(s), 45 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    28 July 2010 09:20:45

    Well, listen, I don't see anything else... so as far as I'm concerned it's fine.
    You can uninstall the tools if you want.

    I'd advise you to keep MBAM, which is really quite good.
    Then uninstall Avast 4 and install version 5, which has made enormous progress.

    And don't hesitate if you have other problems :)
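The before/after HijackThis comparison requested in this thread can be scripted; the following is an added example, not part of the original posts. The two log excerpts are constructed from lines like those in the thread, and the `USUAL_ROOTS` list and the `parse_log` and `compare` names are assumptions of this sketch.

```python
import re
# Constructed excerpts modelled on the two HijackThis logs in this thread.
LOG_BEFORE = r"""Running processes:
C:\Users\Public\Public Documents\Windows Movie Player\player.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\regsvr32.exe
D:\Mes Documents\HiJackThis.exe

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
"""
LOG_AFTER = r"""Running processes:
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Mes Documents\HiJackThis.exe

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"""
# Assumption: these roots are the usual install locations; a triage heuristic, not a verdict.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Return (set of running-process paths, list of (code, detail) entries)."""
    processes, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            processes.add(line.lower())   # Windows paths are case-insensitive
        elif (m := ENTRY_RE.match(line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries

def compare(before, after):
    """Diff two logs: what disappeared, what appeared, what still needs a look."""
    procs_b, entries_b = parse_log(before)
    procs_a, entries_a = parse_log(after)
    return {
        "gone": sorted(procs_b - procs_a),
        "new": sorted(procs_a - procs_b),
        "unusual_path": sorted(p for p in procs_a if not p.startswith(USUAL_ROOTS)),
        "new_entries": [e for e in entries_a if e not in entries_b],
    }

if __name__ == "__main__":
    print(compare(LOG_BEFORE, LOG_AFTER))
```

The `unusual_path` list also flags the scanner itself when it is run from a documents folder, so each hit still needs a human look.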