Virus/trojan : vire avast, empeche install nouveau antivirus

Bonjour!

alors voila, hier simplement après avoir cliqué sur un lien, j'ai vu avast se désactiver,disparaitre,toutes mes applications et pages se fermer et mon pc rédémarrer seul. J'ai par la suite essayé de le réactiver(avast),comme cela ne fonctionnait pas, je l'ai désinstallé et ai tenté de réinstaller d'autres antivirus (bitdefender,antivir,...) ou anti trojans mais impossible , des fichiers sont tjs manquants ou refusent de s'installer . Tout c'que j'ai pu faire c'est un scan à l'aide du scanner online de bitdefender, qui a déjà ôté qq virus & trojans, mais qui n'a pu désinfecter/effacer un "trojan.BL" (plus sûre du nom exact , page fermée avant que j'aie pu noter -_-' )

si qqn pouvait m'aider, je n'm'y connais pas bcp, ce serait vrmt gentil

merci!

Anya

Salut

http://www.pctools.com/fr/free-antivirus/ essaye avec se logiciel

Bonsoir Anya,

Telecharge FindyKill et enregistre-le sur ton bureau.

- Dezippe le (extraire) sur ton bureau
- Entre dans le dossier FindyKill et double clique sur findyKill.bat
- choisi l'option 1 (Recherche)

- Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque (C:\ normalement)

merci, voila le rapport de findykill :




----------------- FindyKill V4.711 ------------------

* User : Elsalila - PC-DE-ELSALILA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 19:18:31 le lun. 12/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SatSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe
C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\14905240.EXE-C456F4B4.pf
Found ! - C:\Windows\prefetch\14936206.EXE-FF703BFA.pf
Found ! - C:\Windows\prefetch\14945582.EXE-616FFFE5.pf
Found ! - C:\Windows\prefetch\240881.EXE-A9969402.pf
Found ! - C:\Windows\prefetch\29553562.EXE-0E3B10B8.pf
Found ! - C:\Windows\prefetch\29588740.EXE-D61DCE6E.pf
Found ! - C:\Windows\prefetch\29600191.EXE-604859F3.pf
Found ! - C:\Windows\prefetch\354403.EXE-C4B3A586.pf
Found ! - C:\Windows\prefetch\366945.EXE-8AD9994C.pf
Found ! - C:\Windows\prefetch\380923.EXE-403EE504.pf
Found ! - C:\Windows\prefetch\384651.EXE-217F5FC6.pf
Found ! - C:\Windows\prefetch\393481.EXE-509C0B8B.pf
Found ! - C:\Windows\prefetch\44280353.EXE-F1076ED8.pf
Found ! - C:\Windows\prefetch\44417603.EXE-57784A38.pf
Found ! - C:\Windows\prefetch\44449458.EXE-E4E78621.pf
Found ! - C:\Windows\prefetch\468096.EXE-AFBFF69C.pf
Found ! - C:\Windows\prefetch\470811.EXE-4DBEF740.pf
Found ! - C:\Windows\prefetch\563054.EXE-B419711A.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-11156B11.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf
Found ! - C:\Windows\prefetch\WINTEMS.EXE-85AF748B.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-5D264CF7.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-980014EA.pf
Found ! - C:\Windows\Prefetch\KEYGEN.EXE-8AE5FB0F.pf
Found ! - C:\Windows\Prefetch\KEYGEN.EXE-8AE5FB0F.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [12/01/2009 17:52] - C:\Windows\system32\mdelk.exe
Found ! [12/01/2009 17:52] - C:\Windows\system32\wintems.exe
Found ! [12/01/2009 18:41] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\Elsalila\AppData\Roaming

Found ! [12/01/2009 12:53] - "C:\Users\Elsalila\AppData\Roaming\m\flec006.exe"
Found ! [12/01/2009 12:54] - "C:\Users\Elsalila\AppData\Roaming\m\list.oct"
Found ! [12/01/2009 12:54] - "C:\Users\Elsalila\AppData\Roaming\m\data.oct"
Found ! [12/01/2009 12:54] - "C:\Users\Elsalila\AppData\Roaming\m\srvlist.oct"
Found ! [12/01/2009 15:40] - "C:\Users\Elsalila\AppData\Roaming\m\shared"
Found ! [12/01/2009 04:45] - "C:\Users\Elsalila\AppData\Roaming\m"
Found ! [11/01/2009 23:55] - "C:\Users\Elsalila\AppData\Roaming\drivers"
Found ! [12/01/2009 17:46] - "C:\Users\Elsalila\AppData\Roaming\drivers\srosa.sys"
Found ! [12/01/2009 17:46] - "C:\Users\Elsalila\AppData\Roaming\drivers\srosa2.sys"
Found ! [08/07/2005 10:05] - "C:\Users\Elsalila\AppData\Roaming\drivers\winupgro.exe"
Found ! [12/01/2009 17:57] - "C:\Users\Elsalila\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\Elsalila\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\Elsalila\Local Settings\Temporary Internet Files\Content.IE5

Found ! [19/04/2006 13:45] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_de\ReadMe.txt
Found ! [19/04/2006 13:45] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_en_GB\ReadMe.txt
Found ! [19/04/2006 13:45] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_es\ReadMe.txt
Found ! [19/04/2006 13:46] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_fr\ReadMe.txt
Found ! [19/04/2006 13:46] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_it\ReadMe.txt
Found ! [19/04/2006 13:46] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_nl\ReadMe.txt
Found ! [19/04/2006 13:47] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_pt\ReadMe.txt
Found ! [19/04/2006 13:47] - C:\Program Files\epson\Creativity Suite\File Manager\Readme\_ru\ReadMe.txt
Found ! [01/01/2008 22:57] - C:\Users\Elsalila\AppData\Roaming\EPSON\Creativity Suite\File Manager\argfile.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
EPSON Stylus DX4400 Series=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S3E38.tmp" /EF "HKCU"
Veoh="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
<NO NAME>=
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Apoint=C:\Program Files\Apoint\Apoint.exe
ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
Symantec PIF AlertEng="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
SSS2007 PasswordManagerFFAutoFill="C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"
SSS2007 HotKeys="C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"
SSS2007 File Redirection Starter="C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\FFC

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 2

Wlansvc - Type de démarrage = 2

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\open\Command

ah oui, j'ai aussi un autre soucis, mon wifi n'est plus activé je dois me connecter au moyen du cable, "Le service sans fil de windows n est pas en cours d execution sur cet ordinateur" et qd j'essaie de le réactiver j'ai erreur 1068. Sur d'autres post/forums, ils disent que cela peut être lié a un trojan bagle, et effectivement ds le scan que j'ai deja effectué avec bitdefender online et dont je n'étais plus sure du nom, je pense que c'était bien ca.

Bonsoir,

Quelques informations :

Le danger des cracks !

Informations sur l'infection Bagle



1) Double-clique sur le raccourci FindyKill sur ton bureau

- Au menu principal, choisis l'option 2 (Suppression)

Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué"

- Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé dans le répertoire C:\


2) Désactive tes logiciels de protection (Antivirus, Antispywares) puis :


3) Télécharge Combofix de sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!


4) Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

ok je suis en train de faire ca avec findyskill mais ca fait dps... que vous avez posté le msg que j'ai mis ca en route, et ca fait dps tout ce tps que ca me dit d 'attendre 10-15min "searching for other infections , don't close this window" , j'vais commencer à croire que ca coince non ? :$

et effectivement j'ai bien ouvert un crack (par erreur) ds un fichier venant d'émule hier *honteuse*

Bonsoir,

Arrête FindyKill et relance-le (option 2)

voila le second rapport findykill :



----------------- FindyKill V4.711 ------------------

* User : Elsalila - PC-DE-ELSALILA
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 20:14:52 the lun. 12/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SatSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\14905240.EXE-C456F4B4.pf
Deleted ! - C:\Windows\prefetch\14936206.EXE-FF703BFA.pf
Deleted ! - C:\Windows\prefetch\14945582.EXE-616FFFE5.pf
Deleted ! - C:\Windows\prefetch\240881.EXE-A9969402.pf
Deleted ! - C:\Windows\prefetch\29553562.EXE-0E3B10B8.pf
Deleted ! - C:\Windows\prefetch\29588740.EXE-D61DCE6E.pf
Deleted ! - C:\Windows\prefetch\29600191.EXE-604859F3.pf
Deleted ! - C:\Windows\prefetch\354403.EXE-C4B3A586.pf
Deleted ! - C:\Windows\prefetch\366945.EXE-8AD9994C.pf
Deleted ! - C:\Windows\prefetch\380923.EXE-403EE504.pf
Deleted ! - C:\Windows\prefetch\384651.EXE-217F5FC6.pf
Deleted ! - C:\Windows\prefetch\393481.EXE-509C0B8B.pf
Deleted ! - C:\Windows\prefetch\44280353.EXE-F1076ED8.pf
Deleted ! - C:\Windows\prefetch\44417603.EXE-57784A38.pf
Deleted ! - C:\Windows\prefetch\44449458.EXE-E4E78621.pf
Deleted ! - C:\Windows\prefetch\468096.EXE-AFBFF69C.pf
Deleted ! - C:\Windows\prefetch\470811.EXE-4DBEF740.pf
Deleted ! - C:\Windows\prefetch\563054.EXE-B419711A.pf
Deleted ! - C:\Windows\prefetch\FLEC006.EXE-11156B11.pf
Deleted ! - C:\Windows\prefetch\KEYGEN.EXE-8AE5FB0F.pf
Deleted ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf
Deleted ! - C:\Windows\prefetch\WINTEMS.EXE-85AF748B.pf
Deleted ! - C:\Windows\prefetch\WINUPGRO.EXE-5D264CF7.pf
Deleted ! - C:\Windows\prefetch\WINUPGRO.EXE-980014EA.pf

»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\Elsalila\AppData\Roaming

Deleted ! - "C:\Users\Elsalila\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Bass Phaser 1.0a.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\CAPTUROV 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Clock Book Free Screensaver 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\DirectISO 1.60.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Displaying 88001 - 90000 of 107598.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\DMDirc 0.5.5.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\DrummingDummy 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\FabFilter Twin 1.20.czip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\FabFilter Twin 1.20.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\foo trackpos 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Friskfonter 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\InfraRecorder 0.46.1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\JDDM (Java Drop Down Menu) 2.1.003.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\KNAC Pure Rock Widget 2.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Life insurance 1.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Llama Screen Savers 5 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\LockWorkstation 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\MB5-292 Practice Exam Testing Engine Software 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Net Pal 1.2c.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\PDF to Image command line 3.6.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Reset Password Management 4.04 Build 1020.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\SFV Decoded 1.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Tessella 2.5.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\Web Easy Professional 7.0.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\WindowSurfer 1.9.20.zip
Deleted ! - C:\Users\Elsalila\AppData\Roaming\m\shared\X-Scriptor 1.0.zip
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\m"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\Elsalila\AppData\Roaming\drivers"

»»»» Supression files in C:\Users\Elsalila\AppData\Local\Temp

Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\Local AppWizard-Generated Applications\keygen
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\bisoft
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro

»»»» Supression files in C:\Users\Elsalila\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Users\Elsalila\Local Settings\Temporary Internet Files\Content.IE5\7PJT7FCW\b64_2[1].jpg
Deleted ! - C:\Users\Elsalila\Local Settings\Temporary Internet Files\Content.IE5\FQUU25R5\b64[1].jpg
Deleted ! - C:\Users\Elsalila\Local Settings\Temporary Internet Files\Content.IE5\Y6LTG66P\b64_1[1].jpg
Deleted ! - C:\Users\Elsalila\Local Settings\Temporary Internet Files\Content.IE5\Y6LTG66P\file[1].txt

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\Local AppWizard-Generated Applications\keygen
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2965552941-3572676909-1493365005-1003\Software\FFC

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

-> UAC is Enable

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\open\Command

--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\wintems.exe
ebe38e2fcd97bfaf184cd5386100b529 C:\Users\Elsalila\AppData\Roaming\drivers\winupgro.exe

Suspect ! - 0028fa999180fad745b7f23872278941 C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe
Suspect ! - 4eb3e34c4a02fe2de2731e6c83b48252 C:\Program Files\High-Logic\Scanahand\Scanahand.exe
Suspect ! - 0cc764ebe1967901f7dfc21a4b58845c C:\Program Files\High-Logic\Scanahand2\Scanahand.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Elsalila\A TRIER\W950I Und m600I Game And Software\W950i Game and Software\Game\maumau uiq3 p990 Keygen
C:\Users\Elsalila\A TRIER\W950I Und m600I Game And Software\W950i Game and Software\Game\maumau uiq3 p990 Keygen\Info.txt
C:\Users\Elsalila\A TRIER\W950I Und m600I Game And Software\W950i Game and Software\Game\maumau uiq3 p990 Keygen\Lonely.Cat.Games.Mau.Mau.v2.10.S60.SymbianOS.Keygen.exe
C:\Users\Elsalila\A TRIER\W950I Und m600I Game And Software\W950i Game and Software\Game\maumau uiq3 p990 Keygen\maumau_uiq_3_0_handango.sis
C:\Users\Elsalila\Downloads\MIDI beethoven, mozart, chopin, satie, vivaldi, albinoni, bach\Tchaikovsky\Arabian Dance Nutcracker Suite (Tchaicovsky).mid
C:\Users\Elsalila\Downloads\MIDI beethoven, mozart, chopin, satie, vivaldi, albinoni, bach\Tchaikovsky\Overture Nutcracker Suite (Tchaicovsky).mid
C:\Users\Elsalila\Downloads\Scanahand 2.0\crack.nfo
C:\Users\Elsalila\Music\Jumpstyle Elec House\03-coone_-_cracked_(chicago_zone_remix).mp3
C:\Users\Elsalila\Music\Jumpstyle Elec House\Rob B - Snack Cracker (Teka B vs. Teknic 2007 remix).mp3
C:\ProgramData\Adobe\Photoshop Elements\5.0\Photo Creations\artwork\backgrounds\texture\Cracked Paint.jpg


---------------- ! End of report ! ------------------

et voila le rapport de combofix :

ComboFix 09-01-11.04 - Elsalila 2009-01-12 21:12:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1022.227 [GMT 1:00]
Lancé depuis: c:\users\Elsalila\Desktop\ComboFixx.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 ))))))))))))))))))))))))))))))))))))
.

2009-01-12 19:07 . 2009-01-12 19:07 <REP> d-------- c:\program files\CCleaner
2009-01-12 18:56 . 2009-01-12 21:07 <REP> d-------- c:\program files\FindyKill
2009-01-12 17:02 . 2009-01-12 17:02 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-12 16:06 . 2009-01-12 16:06 401,720 --a------ c:\users\Elsalila\HiJackThs.exe
2009-01-12 15:54 . 2009-01-12 15:54 <REP> d-------- c:\program files\Trend Micro
2009-01-12 15:54 . 2009-01-12 15:54 812,344 --a------ c:\users\Elsalila\HJTInstall.exe
2009-01-12 15:49 . 2009-01-12 15:50 17,581,632 --a------ c:\users\Elsalila\SpySweeperSNRSetup_FR.exe
2009-01-12 14:56 . 2009-01-12 14:56 <REP> d-------- c:\program files\AxBx
2009-01-12 01:06 . 2009-01-12 07:17 <REP> d-------- c:\windows\BDOSCAN8
2009-01-12 00:13 . 2009-01-12 00:14 22,148,280 --a------ c:\users\Elsalila\antivir_workstation_winu_fr_h.exe
2009-01-11 01:13 . 2009-01-11 01:50 <REP> d-------- c:\users\Elsalila\AppData\Roaming\Scanahand
2009-01-11 01:13 . 2009-01-11 01:49 <REP> d-------- c:\program files\High-Logic
2009-01-11 01:13 . 2007-07-19 19:26 165,016 --a------ c:\windows\System32\FontInstaller.dll
2009-01-11 00:32 . 2009-01-11 00:48 <REP> d-------- c:\users\Elsalila\Polices
2009-01-10 21:49 . 2009-01-10 21:51 3,778,400 --a------ c:\users\Elsalila\ScanahandSetup.exe
2008-12-20 19:02 . 2008-12-20 19:02 <REP> d-------- c:\program files\StepVoice Recorder
2008-12-19 16:54 . 2008-12-19 16:53 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-19 16:34 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-18 19:04 . 2008-12-18 19:04 <REP> d-------- c:\program files\ConvertHelper
2008-12-18 18:51 . 2009-01-06 02:42 <REP> d-------- c:\users\Elsalila\dwhelper
2008-12-13 14:03 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 19:51 . 2008-10-29 07:20 2,923,520 --a------ c:\windows\explorer.exe
2008-12-12 19:48 . 2008-06-23 02:52 2,855,424 --a------ c:\windows\System32\mf.dll
2008-12-12 19:48 . 2008-06-23 02:52 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-12 19:48 . 2008-06-23 02:52 98,816 --a------ c:\windows\System32\mfps.dll
2008-12-12 19:48 . 2008-06-23 02:52 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-12 19:48 . 2008-06-23 02:52 52,736 --a------ c:\windows\System32\rrinstaller.exe
2008-12-12 19:48 . 2008-06-23 02:52 24,576 --a------ c:\windows\System32\mfpmp.exe
2008-12-12 19:48 . 2008-06-22 23:34 2,048 --a------ c:\windows\System32\mferror.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 19:19 --------- d-----w c:\users\Elsalila\AppData\Roaming\OpenOffice.org2
2009-01-11 15:55 36,158 ----a-w c:\users\Elsalila\AppData\Roaming\nvModes.dat
2009-01-11 02:14 --------- d-----w c:\users\Elsalila\AppData\Roaming\uTorrent
2008-12-19 15:53 --------- d-----w c:\program files\Java
2008-12-13 18:12 174 --sha-w c:\program files\desktop.ini
2008-12-13 18:04 --------- d-----w c:\program files\Windows Mail
2008-12-13 13:12 --------- d-----w c:\programdata\Microsoft Help
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-08-14 16:54 8,327,705 ----a-w c:\users\Elsalila\aMSN-0.97.2-tcl85-windows-installer.exe
2008-07-31 20:22 1,684,997 ----a-w c:\users\Elsalila\speedfan_speedfan_4.34_francais_anglais_11074.exe
2008-07-04 17:19 6,104,632 ----a-w c:\users\Elsalila\picasaweb-current-setup.exe
2008-08-14 09:16 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-14 09:16 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-14 09:16 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 3497984]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-17 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-17 81920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-01-12 517768]
"SSS2007 PasswordManagerFFAutoFill"="c:\program files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe" [2007-05-21 21504]
"SSS2007 HotKeys"="c:\program files\Steganos Security Suite 2007\SteganosHotKeyService.exe" [2007-05-21 25088]
"SSS2007 File Redirection Starter"="c:\program files\Steganos Security Suite 2007\fredirstarter.exe" [2007-05-15 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]

c:\users\Elsalila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= emYUV.dll
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2965552941-3572676909-1493365005-1003]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC37EA31-9CB5-41E7-B271-4CFB23A8287F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2F4B5941-4206-414C-BC35-CD62A2FBA6BD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73318B65-FDD1-46DF-ADBE-D9EDB5A283A5}"= Disabled:UDP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F1293BEE-7F07-4AC8-AE41-921300622260}"= Disabled:TCP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{0D0B4907-3B69-4D5B-8C6E-E23294BA016B}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{458ECDA5-DBEC-468B-A8D2-F7C666170D8B}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{15C067AA-5E32-4042-9C56-78C0DEFD5CE3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DF1D2008-E7D8-41C8-960F-3F075F26C61D}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{1B3EB15C-9C5C-4669-8205-938D3F2667BE}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{A6FEADEE-47E7-44FC-AA90-E468AF9293EA}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{D26372DB-65AF-4595-A3BB-A1FC58C9D1B6}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4A774E6E-3331-4779-A0C8-ECC540A98DD0}"= UDP:c:\users\Elsalila\Downloads\utorrent.exe:µTorrent
"{84C2C33C-61A4-472F-9994-FF3CACFA9D5A}"= TCP:c:\users\Elsalila\Downloads\utorrent.exe:µTorrent
"TCP Query User{1AAA205B-4CB1-4127-8E04-892978AB88DD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{727F2367-BCFA-4E52-81B7-669197418E23}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{45DEA83C-E03B-41C6-9DE7-23F4432D271E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{5F779AA5-77D1-4476-BA92-9B772C23C6F8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{DD709150-2CDC-4BCA-B376-C3CF84A5D452}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E4F79721-FE96-4EC3-8518-DA3B5DAEA71C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{C012A7D2-CCB4-48AA-BEBA-58F93BF703CE}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{5063DD4B-15ED-4562-9C30-03A53921988E}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application
"{A512FA58-72C5-4964-8101-5B9C37EB81C9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{835B4B06-2436-48EB-BF89-EB16C88E4D1E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\System32\drivers\sleen15.sys [2007-02-21 12:33:54 80232]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-04-28 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-04-28 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-04-28 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-04-28 807424]
R4 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R4 SatSrv;Steganos AntiTheft;c:\windows\System32\SatSrv.exe [2006-12-05 184320]
S3 DCamUSBET;ET USB 2710 Camera;c:\windows\System32\drivers\etDevice.sys [2005-10-20 94720]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [2006-02-16 123776]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [2005-10-20 6016]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-09-21 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-09-21 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-09-21 1089536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}]
\shell\AutoRun\command - G:\
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Elsalila\AppData\Roaming\Mozilla\Firefox\Profiles\m1ayu8me.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:17:28
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-12 21:20:18
ComboFix-quarantined-files.txt 2009-01-12 20:20:12

Avant-CF: 20.028.055.552 octets libres
Après-CF: 19,787,685,888 octets libres

193 --- E O F --- 2009-01-12 19:25:18

autre chose à faire après cela? :$

Bonsoir

1) Quel est ton anti-virus ?


2) Télécharge OTViewIt de OldTimer sur ton bureau.

- Ferme toutes les fenêtres et applications.
- Double clique sur OTViewIt.exe pour le lancer.
- Dans la liste déroulante "File Age" choisis : 30 days (ou selon votre choix)
- Clique sur le bouton "Run Scan".
- Patiente quelques minutes.
- le bloc note va s'ouvrir, poste les deux rapports obtenus dans ta prochaine réponse.

Si le bloc note ne s'ouvre pas, tu les trouveras sur ton bureau : OTViewIt.txt et Extras.txt

1/ je me servais d'avast mais je suis bien consciente qu'c'n'est pas une bonne idée, et je vais demander à un ami de m'installer nod32 (est-ce un bon choix) mais d'ici à c'qu'il puisse venir, que conseilleriez vous en attendant? :$ antivir?bitdefender?

2/je fais ca de suite

premier rapport :


OTViewIt logfile created on: 12/01/2009 21:47:49 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Elsalila\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1021,81 Mb Total Physical Memory | 376,84 Mb Available Physical Memory | 36,88% Memory free
2,24 Gb Paging File | 1,37 Gb Available in Paging File | 61,07% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,01 Gb Total Space | 18,47 Gb Free Space | 18,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-ELSALILA
Current User Name: Elsalila
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2006/11/02 10:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007/09/30 14:53:41 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/12/22 07:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2008/02/26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2007/03/28 20:41:24 | 03,290,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
[2007/06/28 23:02:08 | 01,049,856 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
[2006/12/05 09:27:04 | 00,184,320 | ---- | M] () -- C:\Windows\System32\SatSrv.exe
[2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2007/05/11 15:24:04 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
[2006/11/02 10:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/02/13 14:19:48 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
[2006/11/28 18:27:46 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/01/10 12:09:12 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2006/11/28 18:09:46 | 00,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
[2006/11/28 18:09:58 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
[2007/02/13 14:19:48 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
[2006/11/02 10:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2007/02/09 09:54:42 | 00,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
[2007/02/05 10:20:16 | 00,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
[2007/02/27 08:50:42 | 00,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 13:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/11/02 13:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/03/14 22:14:38 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
[2008/03/14 22:14:38 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2006/11/02 10:44:59 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2008/10/16 22:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2006/11/02 13:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2006/11/02 13:34:43 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2006/11/02 13:34:44 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/01/12 21:39:10 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Elsalila\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AdobeActiveFileMonitor5.0 [Auto | Running])
File not found -- -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (CLTNetCnService [Auto | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2007/09/23 13:20:01 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 13:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
File not found -- -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006/11/02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 10:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found -- -- (gusvc [On_Demand | Stopped])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (IviRegMgr [Auto | Running])
File not found -- -- (LiveUpdate [On_Demand | Stopped])
File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
File not found -- -- (LiveUpdate Notice Service [Auto | Stopped])
File not found -- -- (MSCSPTISRV [On_Demand | Stopped])
[2006/11/02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
File not found -- -- (MSSQL$VAIO_VEDB [Auto | Running])
File not found -- -- (MSSQLServerADHelper [Disabled | Stopped])
File not found -- -- (NBService [On_Demand | Stopped])
[2006/11/02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (NMIndexingService [On_Demand | Stopped])
File not found -- -- (Norton Ghost [Auto | Running])
[2007/06/28 23:02:08 | 01,049,856 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe -- (O&O Defrag [Auto | Running])
File not found -- -- (odserv [On_Demand | Stopped])
File not found -- -- (ose [On_Demand | Stopped])
File not found -- -- (PACSPTISVR [On_Demand | Stopped])
[2006/12/05 09:27:04 | 00,184,320 | ---- | M] () -- C:\Windows\System32\SatSrv.exe -- (SatSrv [Auto | Running])
[2006/11/02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2007/09/30 14:53:41 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (SonicStage Back-End Service [On_Demand | Stopped])
File not found -- -- (SPTISRV [On_Demand | Stopped])
File not found -- -- (SQLBrowser [Auto | Running])
File not found -- -- (SQLWriter [Auto | Running])
File not found -- -- (SSScsiSV [On_Demand | Stopped])
[2007/05/11 15:24:04 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV [Auto | Running])
[2006/11/02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
File not found -- -- (usnjsvc [On_Demand | Running])
File not found -- -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
File not found -- -- (VAIO Event Service [Auto | Running])
File not found -- -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
File not found -- -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
File not found -- -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
File not found -- -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
File not found -- -- (VAIOMediaPlatform-UCLS-AppServer [On_Demand | Stopped])
File not found -- -- (VAIOMediaPlatform-UCLS-HTTP [On_Demand | Stopped])
File not found -- -- (VAIOMediaPlatform-UCLS-UPnP [On_Demand | Stopped])
File not found -- -- (Vcsw [On_Demand | Running])
[2006/11/02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (VzCdbSvc [Auto | Running])
File not found -- -- (VzFw [Auto | Running])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
File not found -- -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/01/10 12:09:12 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2007/01/12 06:52:24 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/11/02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/02/13 01:37:08 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2005/10/20 19:11:00 | 00,094,720 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET [On_Demand | Stopped])
[2006/11/02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/10/18 10:56:30 | 00,010,216 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall [System | Running])
[2007/09/23 13:20:01 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 13:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
File not found -- -- (eeCtrl [System | Running])
[2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/02/16 19:01:34 | 00,123,776 | ---- | M] (eMPIA Technology Inc.) -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2007/03/28 20:12:18 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/04/28 09:20:27 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 08:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2007/01/10 12:09:11 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/01/10 12:09:08 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2007/02/28 04:26:30 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Boot | Running])
[2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/02/13 01:37:03 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006/11/02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2007/01/10 12:09:11 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2007/12/16 10:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/09/23 13:14:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 02:11:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007/12/13 00:29:06 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/02/13 01:32:42 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 08:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])
[2007/03/07 12:34:04 | 02,216,448 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
[2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/05/02 09:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[2006/11/02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/04/17 03:47:51 | 07,493,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2007/09/23 13:20:02 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/03/16 08:16:21 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007/03/15 20:19:32 | 00,074,240 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86 [On_Demand | Running])
[2007/03/15 20:19:32 | 00,043,904 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86 [On_Demand | Running])
[2006/11/02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2007/04/17 19:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\Windows\System32\drivers\regi.sys -- (regi [Auto | Running])
[2006/11/02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2005/10/20 19:29:00 | 00,006,016 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET [On_Demand | Stopped])
[2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/02/13 01:37:04 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2007/02/21 12:33:54 | 00,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER [System | Running])
[2006/11/02 09:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007/02/06 06:54:39 | 00,027,520 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC [On_Demand | Running])
[2007/04/05 02:03:44 | 00,031,104 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF [On_Demand | Running])
[2006/11/02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/12/13 00:29:05 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007/12/13 00:29:05 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/05/11 15:24:05 | 00,325,120 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2007/03/28 20:29:12 | 00,131,944 | ---- | M] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys -- (symsnap [Boot | Running])
[2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 09:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2007/02/08 04:53:57 | 00,807,424 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony [On_Demand | Running])
[2007/01/12 20:41:32 | 00,113,792 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd [On_Demand | Stopped])
[2007/01/24 13:57:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
[2007/01/12 20:16:54 | 00,040,576 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb [On_Demand | Stopped])
[2006/11/02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2007/09/23 13:14:11 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/09/23 13:14:11 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 09:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/05/02 09:58:14 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 09:55:05 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2006/11/02 09:55:20 | 00,132,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2007/03/28 20:29:10 | 00,037,864 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\v2imount.sys -- (v2imount [Auto | Running])
[2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 10:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2007/03/28 20:23:50 | 00,014,072 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor [On_Demand | Stopped])
[2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/02/13 01:37:05 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2007/03/28 20:49:42 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2007/01/10 12:09:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/11/02 09:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/01/10 12:09:12 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
[2007/02/08 04:10:48 | 00,195,584 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.be/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
{1427A821-7B93-4F08-9A34-9FA03A3D93DB} (HKLM) -- C:\Programmes\Steganos Security Suite 2007\PasswordManagerBHO.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programmes\Java\jre6\bin\ssv.dll File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programmes\Java\jre6\bin\jp2ssv.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe File not found
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" File not found
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"SSS2007 File Redirection Starter"="C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe" File not found
"SSS2007 HotKeys"="C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe" File not found
"SSS2007 PasswordManagerFFAutoFill"="C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe" File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" File not found
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S3E38.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableRegistryTools"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Programmes\Microsoft Office\Office12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Envoyer à OneNote -- Reg Error: Key does not exist or could not be opened. File not found
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: &Envoyer à OneNote -- Reg Error: Key does not exist or could not be opened. File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- Reg Error: Key does not exist or could not be opened. File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: Button: Barre de recherche Encarta -- %SystemDrive%\Programmes\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{6CFA8444-FB4B-4C74-8D34-A996B3611546} (Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller)
{7E7238F1-C02F-4ACF-ABA3-FB62A3FDC651} (Servers: | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
VESWinlogon: "DllName" = VESWinlogon.dll -- C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30615d4a-1828-11dd-9cbe-0013a9c2fe4e}\Shell\AutoRun\command]
""=G:\

========== Files/Folders - Created Within 60 Days ==========

[2009/01/12 21:39:10 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Elsalila\Desktop\OTViewIt.exe
[2009/01/12 21:10:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/01/12 21:10:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/01/12 21:10:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/01/12 21:10:52 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/01/12 21:10:52 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/01/12 21:10:52 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/01/12 21:10:52 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/12 21:10:52 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/01/12 21:10:52 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/01/12 21:10:45 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/01/12 21:10:45 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/12 21:10:44 | 00,000,000 | ---D | C] -- C:\ComboFixx
[2009/01/12 20:05:38 | 02,923,761 | R--- | C] () -- C:\Users\Elsalila\Desktop\ComboFixx.exe
[2009/01/12 19:46:25 | 00,024,695 | ---- | C] () -- C:\Users\Elsalila\Documents\virus tuto.odt
[2009/01/12 19:16:04 | 02,697,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elsalila\Desktop\mbam-setup.exe
[2009/01/12 19:14:19 | 00,267,738 | ---- | C] () -- C:\Users\Elsalila\Documents\cc_20090112_191350.reg
[2009/01/12 19:07:41 | 00,001,670 | ---- | C] () -- C:\Users\Elsalila\Desktop\CCleaner.lnk
[2009/01/12 19:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/01/12 19:06:58 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Users\Elsalila\Desktop\ccsetup215.exe
[2009/01/12 18:56:51 | 00,001,688 | ---- | C] () -- C:\Users\Elsalila\Desktop\FindyKill.lnk
[2009/01/12 18:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\FindyKill
[2009/01/12 18:55:08 | 00,554,697 | ---- | C] () -- C:\Users\Elsalila\Desktop\FindyKill.exe
[2009/01/12 17:02:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/01/12 15:54:35 | 00,001,874 | ---- | C] () -- C:\Users\Elsalila\Desktop\HijackThis.lnk
[2009/01/12 15:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/12 14:56:20 | 00,000,000 | ---D | C] -- C:\Program Files\AxBx
[2009/01/12 03:01:04 | 00,068,096 | ---- | C] () -- C:\Users\Elsalila\Documents\txt courage.odt
[2009/01/12 02:44:33 | 00,015,680 | ---- | C] () -- C:\Users\Elsalila\Documents\elsa txt antivirus.odt
[2009/01/12 02:04:09 | 00,065,024 | ---- | C] () -- C:\Users\Elsalila\Documents\Elsa 120109.doc
[2009/01/12 01:06:52 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/01/11 01:29:25 | 00,000,000 | ---D | C] -- C:\Users\Elsalila\AppData\Local\Scanahand
[2009/01/11 01:13:24 | 00,000,952 | ---- | C] () -- C:\Users\Elsalila\Desktop\Scanahand.lnk
[2009/01/11 01:13:22 | 00,165,016 | ---- | C] (High-Logic) -- C:\Windows\System32\FontInstaller.dll
[2009/01/11 01:13:20 | 00,000,000 | ---D | C] -- C:\Users\Elsalila\AppData\Roaming\Scanahand
[2009/01/11 01:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\High-Logic
[2008/12/21 23:37:26 | 00,444,997 | ---- | C] () -- C:\Users\Elsalila\Documents\lettre a elise.wma
[2008/12/21 22:20:08 | 00,278,867 | ---- | C] () -- C:\Users\Elsalila\Documents\kyyyyle .wma
[2008/12/21 22:13:19 | 00,307,329 | ---- | C] () -- C:\Users\Elsalila\Documents\kyle 1.mp3
[2008/12/20 19:02:33 | 00,000,855 | ---- | C] () -- C:\Users\Elsalila\Desktop\SvRec.lnk
[2008/12/20 19:02:33 | 00,000,000 | ---D | C] -- C:\Program Files\StepVoice Recorder
[2008/12/19 16:34:48 | 03,593,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/19 16:34:46 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/12/18 19:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2008/12/13 14:03:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/12/12 19:52:53 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/12/12 19:52:52 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/12/12 19:52:50 | 01,831,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008/12/12 19:52:50 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/12/12 19:52:49 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2008/12/12 19:52:48 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/12/12 19:52:48 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2008/12/12 19:52:48 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2008/12/12 19:52:47 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2008/12/12 19:52:47 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2008/12/12 19:52:47 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2008/12/12 19:52:47 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2008/12/12 19:52:47 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2008/12/12 19:52:46 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2008/12/12 19:52:46 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/12/12 19:52:46 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2008/12/12 19:52:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2008/12/12 19:52:45 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2008/12/12 19:52:45 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/12/12 19:52:30 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/12/12 19:52:15 | 01,687,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/12/12 19:52:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/12/12 19:52:09 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/12/12 19:51:39 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/12/12 19:51:03 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/12/12 19:48:45 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2008/12/12 19:48:44 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2008/12/12 19:48:44 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2008/12/12 19:48:42 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2008/12/12 19:48:41 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2008/12/12 19:48:40 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2008/12/12 19:48:40 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2008/12/12 19:48:40 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2008/11/25 20:32:42 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/11/25 20:32:41 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2008/11/25 20:32:41 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2008/11/25 20:32:36 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2008/11/25 20:32:35 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/11/25 20:32:35 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2008/11/25 20:32:31 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2008/11/15 18:37:24 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2008/11/15 18:37:24 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/11/15 18:37:24 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2008/11/15 18:37:23 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2008/11/15 18:36:55 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/11/15 18:36:55 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/11/15 18:36:55 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/11/15 18:36:36 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/11/15 18:36:36 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files - Modified Within 60 Days ==========

[2009/01/12 21:39:10 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Elsalila\Desktop\OTViewIt.exe
[2009/01/12 21:33:22 | 00,000,526 | ---- | M] () -- C:\Users\Elsalila\Documents\Mes dossiers de partage.lnk
[2009/01/12 21:17:32 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/01/12 21:14:39 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/01/12 21:14:39 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/01/12 20:14:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/12 20:14:30 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/01/12 20:14:23 | 10,720,95232 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 20:14:21 | 00,748,322 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2009/01/12 20:05:50 | 02,923,761 | R--- | M] () -- C:\Users\Elsalila\Desktop\ComboFixx.exe
[2009/01/12 19:51:40 | 00,036,158 | ---- | M] () -- C:\Users\Elsalila\AppData\Roaming\nvModes.001
[2009/01/12 19:46:34 | 04,140,472 | -H-- | M] () -- C:\Users\Elsalila\AppData\Local\IconCache.db
[2009/01/12 19:46:26 | 00,024,695 | ---- | M] () -- C:\Users\Elsalila\Documents\virus tuto.odt
[2009/01/12 19:19:28 | 02,697,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Elsalila\Desktop\mbam-setup.exe
[2009/01/12 19:14:38 | 00,267,738 | ---- | M] () -- C:\Users\Elsalila\Documents\cc_20090112_191350.reg
[2009/01/12 19:07:41 | 00,001,670 | ---- | M] () -- C:\Users\Elsalila\Desktop\CCleaner.lnk
[2009/01/12 19:07:01 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Users\Elsalila\Desktop\ccsetup215.exe
[2009/01/12 18:56:51 | 00,001,688 | ---- | M] () -- C:\Users\Elsalila\Desktop\FindyKill.lnk
[2009/01/12 18:55:15 | 00,554,697 | ---- | M] () -- C:\Users\Elsalila\Desktop\FindyKill.exe
[2009/01/12 15:55:11 | 00,001,874 | ---- | M] () -- C:\Users\Elsalila\Desktop\HijackThis.lnk
[2009/01/12 04:17:37 | 00,068,096 | ---- | M] () -- C:\Users\Elsalila\Documents\txt courage.odt
[2009/01/12 02:48:34 | 00,015,680 | ---- | M] () -- C:\Users\Elsalila\Documents\elsa txt antivirus.odt
[2009/01/12 02:12:35 | 00,065,024 | ---- | M] () -- C:\Users\Elsalila\Documents\Elsa 120109.doc
[2009/01/11 23:53:58 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/01/11 16:55:56 | 00,036,158 | ---- | M] () -- C:\Users\Elsalila\AppData\Roaming\nvModes.dat
[2009/01/11 16:53:14 | 01,700,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/11 02:45:36 | 00,089,536 | ---- | M] () -- C:\Users\Elsalila\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/11 01:49:47 | 00,000,952 | ---- | M] () -- C:\Users\Elsalila\Desktop\Scanahand.lnk
[2009/01/10 21:28:59 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/01/06 03:37:51 | 00,113,152 | ---- | M] () -- C:\Users\Elsalila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 23:37:27 | 00,444,997 | ---- | M] () -- C:\Users\Elsalila\Documents\lettre a elise.wma
[2008/12/21 22:20:09 | 00,278,867 | ---- | M] () -- C:\Users\Elsalila\Documents\kyyyyle .wma
[2008/12/21 22:15:55 | 00,307,329 | ---- | M] () -- C:\Users\Elsalila\Documents\kyle 1.mp3
[2008/12/20 19:02:33 | 00,000,855 | ---- | M] () -- C:\Users\Elsalila\Desktop\SvRec.lnk
[2008/12/13 19:12:34 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2008/12/13 19:12:34 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2008/12/13 19:12:33 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/12 06:45:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/12 02:53:10 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/12/10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >



et le second :


OTViewIt Extras logfile created on: 12/01/2009 21:47:49 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Elsalila\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1021,81 Mb Total Physical Memory | 376,84 Mb Available Physical Memory | 36,88% Memory free
2,24 Gb Paging File | 1,37 Gb Available in Paging File | 61,07% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,01 Gb Total Space | 18,47 Gb Free Space | 18,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-ELSALILA
Current User Name: Elsalila
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programmes\Internet Explorer\iexplore.exe File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
"FirewallDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2965552941-3572676909-1493365005-1003]
"EnableNotifications"=0
"EnableNotificationsRef"=2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Programmes\Bonjour\mdnsNSP.dll File not found

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found C:\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
File not found C:\Programmes\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
File not found C:\Programmes\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
File not found C:\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
File not found C:\Programmes\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found C:\Programmes\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}"=DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony Video Shared Library
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{07181881-E9B4-4DF6-A845-CAAFD093E477}"=Microsoft Encarta 2007 - Études
"{07183840-959A-4B0D-8825-2C533F0DDB19}"=Microsoft Encarta Maths
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0C3483D4-8F07-466F-9463-7910F269B310}"=Steganos Security Suite 2007
"{14F3C48F-6333-4C18-A795-65B1DCE4F73A}"=VAIO Media
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}"=VAIO Original Screen Saver
"{1E0FF527-971B-4BBF-83D1-987E8DEE437D}"=OpenOffice.org 2.4
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}"=WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}"=VAIO Media AC3 Decoder 1.0
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email
"{25569723-DC5A-4467-A639-79535BF01B71}"=Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1"=ConvertHelper 2.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}"=Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}"=VAIO Cozy Orange Wallpaper
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}"=EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D016005

Le rapport Extras.txt est incomplet. Reposte-le.

OTViewIt Extras logfile created on: 12/01/2009 21:47:49 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Elsalila\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1021,81 Mb Total Physical Memory | 376,84 Mb Available Physical Memory | 36,88% Memory free
2,24 Gb Paging File | 1,37 Gb Available in Paging File | 61,07% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,01 Gb Total Space | 18,47 Gb Free Space | 18,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-ELSALILA
Current User Name: Elsalila
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programmes\Internet Explorer\iexplore.exe File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
"FirewallDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2965552941-3572676909-1493365005-1003]
"EnableNotifications"=0
"EnableNotificationsRef"=2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Programmes\Bonjour\mdnsNSP.dll File not found

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found C:\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
File not found C:\Programmes\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
File not found C:\Programmes\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
File not found C:\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
File not found C:\Programmes\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
File not found C:\Programmes\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}"=DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony Video Shared Library
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{07181881-E9B4-4DF6-A845-CAAFD093E477}"=Microsoft Encarta 2007 - Études
"{07183840-959A-4B0D-8825-2C533F0DDB19}"=Microsoft Encarta Maths
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0C3483D4-8F07-466F-9463-7910F269B310}"=Steganos Security Suite 2007
"{14F3C48F-6333-4C18-A795-65B1DCE4F73A}"=VAIO Media
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}"=VAIO Original Screen Saver
"{1E0FF527-971B-4BBF-83D1-987E8DEE437D}"=OpenOffice.org 2.4
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}"=WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}"=VAIO Media AC3 Decoder 1.0
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email
"{25569723-DC5A-4467-A639-79535BF01B71}"=Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1"=ConvertHelper 2.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}"=Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}"=VAIO Cozy Orange Wallpaper
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}"=EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}"=Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Browser Address Error Redirector
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}"=VAIO AV Mode Launcher
"{480DBB60-F0B6-45F2-B26F-1A2E11197791}"=Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{48820099-ED7D-424B-890C-9A82EF00656D}"=VAIO Update 3
"{4DFE2E11-824B-49A9-9077-49E8C849A07A}"=VAIO Video & Photo Suite
"{500162A0-4DD5-460A-BAFD-895AAE48C532}"=VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}"=
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}"=O&O Defrag Professional Edition
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{55B781F0-060E-11D4-99D7-00C04FCCB775}"=
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}"=VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}"=Outil de restauration de données VAIO
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}"=VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}"=Setting Utility Series
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}"=VAIO Photo 2007
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}"=SonicStage Mastering Studio
"{67EDD823-135A-4D59-87BD-950616D6E857}"=EPSON Copy Utility 3
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}"=VAIO Video & Photo Suite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}"=Microsoft Works
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}"=VAIO Entertainment Platform
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{75FF1600-6330-43FA-9022-E0835BF20778}"=Microsoft SQL Server VSS Writer
"{785EB1D4-ECEC-4195-99B4-73C47E187721}"=VAIO Media Integrated Server 6.0
"{7B741D95-E016-4676-AAB8-017CA684D9EA}"=VAIO Media Registration Tool
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}"=DSD Direct
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}"=Camera RAW Plug-In for EPSON Creativity Suite
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0016-040C-0000-0000000FF1CE}"=Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}"=Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}"=Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}"=Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-006E-040C-0000-0000000FF1CE}"=Microsoft Office Shared MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (French) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}"=Adobe Setup
"{934A3213-1CB6-4264-84A2-EE080C017BCA}"=VAIO Tender Green Wallpaper
"{97A96172-A963-4A37-9FFB-DA6805BB915A}"=VeohTV BETA
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}"=VAIO Aqua Breeze Wallpaper
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}"=Plugins SonicStage Mastering Studio
"{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}"=Microsoft SQL Server Native Client
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9E319E96-ED8E-4B01-9775-C521A1869A25}"=VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}"=Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Alps Pointing-device for VAIO
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 4.3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}"=Adobe Photoshop Elements 5.0
"{A947C2B3-7445-42C4-9063-EE704CACCB22}"=VAIO Hardware Diagnostics
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1036-7B44-A80000000002}"=Adobe Reader 8 - Français
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}"=Outil VAIO Media Registration 6.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistant de connexion Windows Live
"{B0255743-165B-4BD5-8DA8-37DFB9930012}"=Norton Ghost
"{B348E585-E872-41DF-8234-E2D49917CFBB}"=Les Indispensables Éducation pour Microsoft Office
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4D1A85D-FE27-41D1-A599-781F91F6B352}"=KaraWin Free
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}"=EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}"=Roxio Easy Media Creator Home
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BADF6744-3787-48F6-B8C9-4C4995401D65}"=Windows Live Messenger
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver
"{BF794769-8875-4E01-B7BE-E00104604F4A}"=Adobe Photoshop CS3
"{C183A21C-395A-490F-99D4-CCAB35E32859}"=
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{CF097717-F174-4144-954A-FBC4BF301036}"=Nero 7 Ultra Edition
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}"=SonicStage Mastering Studio Audio Filter
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E809063C-51A3-4269-8984-D1EB742F2151}"=Click to DVD 2.6.00
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}"=SonicStage Mastering Studio Audio Filter Custom Preset
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}"=Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}"=VAIO Event Service
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}"=
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}"=Vista Codec Package
"{FC37C108-821D-4EDE-8F40-D5B497586805}"=VAIO Control Center
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}"=Windows Live installer
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"{WBEncarta_8C203873-8A16-427A-A184-76B9DEEF56B1}"=Mise à jour Encarta_Les Indispensables Éducation
"7-Zip"=7-Zip 4.57
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5"=Adobe Photoshop Elements 5.0
"Adobe_32e9033392a51340b32fdc6ad893ab7"=Adobe Photoshop CS3
"aMSN"=aMSN 0.97.2
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200"=HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CX4300_5500_DX4400 Manuel"=CX4300_5500_DX4400 Manuel
"eMule"=eMule
"EPSON Printer and Utilities"=EPSON Logiciel imprimante
"EPSON Scanner"=EPSON Scan
"FindyKill"=FindyKill
"Free YouTube to Mp3 Converter_is1"=Free YouTube to Mp3 Converter version 2.5
"GTK 2.0"=Bibliothèques GTK+ 2.12.8 rev a (supprimer uniquement)
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}"=WinDVD for VAIO
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}"=VeohTV BETA
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"jv16 PowerTools_is1"=jv16 PowerTools 2007
"Le Corps humain Deluxe"=Le Corps humain Deluxe
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft SQL Server 2005"=Microsoft SQL Server 2005
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Multi Virus Cleaner 2008_is1"=Multi Virus Cleaner 2008
"NVIDIA Drivers"=NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01"=OpenMG Limited Patch 4.7-07-13-24-01
"Picasa2"=Picasa 2
"Pidgin"=Pidgin
"Scanahand1_is1"=Scanahand 1.0
"Scanahand2_is1"=Scanahand 2.0
"Skype_is1"=Skype 3.0
"Sony Ericsson Themes Creator"=Sony Ericsson Themes Creator 3.19
"StepVoice Recorder_is1"=StepVoice Recorder 1.4
"Uninstall_is1"=Uninstall 1.0.0.0
"VMidi"=vanBasco's Karaoke Player
"Winamp"=Winamp
"Your Uninstaller! 2006_is1"=Your Uninstaller! 2006 Version 5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/07/2008 12:32:31 | Computer Name = Pc-de-Elsalila | Source = Norton Ghost | ID = 100
Description = Erreur EC8F1C50 : Impossible de créer une sauvegarde de fichiers pour
l'opération : Sauvegarde des documents. Erreur E7D1000B : Impossible de créer le
répertoire 'G:/'. Erreur E7D10026 : Impossible de récupérer les attributs de 'G:/'.
Erreur EBAB03F1 : Le chemin d'accès spécifié est introuvable. Erreur E4BC0004 :
Impossible de sauvegarder le fichier C:/Users/Elsalila/Documents/amy mcdonald -
this is the life .mp3. Détails : 0xEBAB0005 Source : Norton Ghost

Error - 19/07/2008 12:32:18 | Computer Name = Pc-de-Elsalila | Source = VSS | ID = 8193
Description =

Error - 19/07/2008 12:32:18 | Computer Name = Pc-de-Elsalila | Source = VSS | ID = 12291
Description =

Error - 19/07/2008 12:32:24 | Computer Name = Pc-de-Elsalila | Source = Norton Ghost | ID = 100
Description = Erreur EC8F1C50 : Impossible de créer une sauvegarde de fichiers pour
l'opération : Sauvegarde des documents. Erreur E7D1000B : Impossible de créer le
répertoire 'G:/'. Erreur E7D10026 : Impossible de récupérer les attributs de 'G:/'.
Erreur EBAB03F1 : Le chemin d'accès spécifié est introuvable. Erreur E4BC0004 :
Impossible de sauvegarder le fichier C:/Users/Elsalila/Documents/amy mcdonald -
this is the life .mp3. Détails : 0xEBAB0005 Source : Norton Ghost

Error - 20/07/2008 12:32:05 | Computer Name = Pc-de-Elsalila | Source = VSS | ID = 8193
Description =

Error - 20/07/2008 12:32:05 | Computer Name = Pc-de-Elsalila | Source = VSS | ID = 12291
Description =

Error - 20/07/2008 12:32:09 | Computer Name = Pc-de-Elsalila | Source = Norton Ghost | ID = 100
Description = Erreur EC8F1C50 : Impossible de créer une sauvegarde de fichiers pour
l'opération : Sauvegarde des documents. Erreur E7D1000B : Impossible de créer le
répertoire 'G:/'. Erreur E7D10026 : Impossible de récupérer les attributs de 'G:/'.
Erreur EBAB03F1 : Le chemin d'accès spécifié est introuvable. Erreur E4BC0004 :
Impossible de sauvegarder le fichier C:/Users/Elsalila/Documents/amy mcdonald -
this is the life .mp3. Détails : 0xEBAB0005 Source : Norton Ghost

Error - 20/07/2008 13:00:19 | Computer Name = Pc-de-Elsalila | Source = Norton Ghost | ID = 100
Description = Erreur EC8F17B7 : Impossible de créer des points de récupération pour
l'opération : Sauvegarde de l'ordinateur. Erreur EC8F03ED : Impossible de créer
le point de récupération. Erreur E7D10026 : Impossible de récupérer les attributs
de 'G:/Norton Backups/'. Erreur EBAB03F1 : Le chemin d'accès spécifié est introuvable.
Détails
: 0xE7D10026 Source : Norton Ghost

Error - 20/07/2008 17:00:29 | Computer Name = Pc-de-Elsalila | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe, version 6.0.6000.16386, horodatage
0x4549adc4, module défaillant ntdll.dll, version 6.0.6000.16386, horodatage 0x4549bdc9,
code d’exception 0xc000000d, décalage d’erreur 0x000bc57d, ID du processus 0x460,
heure de début de l’application 0x01c8ea98b8af339f.

Error - 22/07/2008 19:16:16 | Computer Name = Pc-de-Elsalila | Source = Application Hang | ID = 1002
Description = Le programme emule.exe version 0.48.0.8 a cessé d’interagir avec Windows
et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles,
consultez l’historique du problème dans l’application Rapports et solutions aux
problèmes du Panneau de configuration. ID de processus : 4f4 Heure de début : 01c8ec342a40e5c4
Heure
de fin : 577

[ System Events ]
Error - 12/01/2009 14:52:00 | Computer Name = Pc-de-Elsalila | Source = PlugPlayManager | ID = 12
Description = Le périphérique 'Pilote BIOS de gestion de systèmes Microsoft' (Root\SYSTEM\0002)
a disparu du système sans que sa suppression ait tout d'abord été préparée.

Error - 12/01/2009 15:06:55 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%824 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%825

Version
chargée des signatures : 1.49.1455.0 Version chargée du moteur : 0.0.0.0

Error - 12/01/2009 15:06:58 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%825 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%826

Version
chargée des signatures : Version chargée du moteur :

Error - 12/01/2009 15:09:44 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%824 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%825

Version
chargée des signatures : 1.49.1455.0 Version chargée du moteur : 0.0.0.0

Error - 12/01/2009 15:09:46 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%825 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%826

Version
chargée des signatures : Version chargée du moteur :

Error - 12/01/2009 15:11:59 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%824 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%825

Version
chargée des signatures : 1.49.1455.0 Version chargée du moteur : 0.0.0.0

Error - 12/01/2009 15:12:01 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%825 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%826

Version
chargée des signatures : Version chargée du moteur :

Error - 12/01/2009 15:14:34 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%824 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%825

Version
chargée des signatures : 1.49.1455.0 Version chargée du moteur : 0.0.0.0

Error - 12/01/2009 15:14:36 | Computer Name = Pc-de-Elsalila | Source = WinDefend | ID = 2004
Description = %%827 a rencontré une erreur lors de la tentative de chargement des
signatures et va essayer de revenir à un jeu de signatures correct. Signatures essayées :
%%825 Code de l’erreur : 0x80092003 Description de l’erreur : Une erreur s'est produite
lors de la lecture ou de l'écriture dans un fichier. Signatures chargées : %%826

Version
chargée des signatures : 1.0.0.0 Version chargée du moteur : 1.1.1603.0

Error - 12/01/2009 15:14:39 | Computer Name = Pc-de-Elsalila | Source = Print | ID = 19
Description = Échec du spouleur d’impression pour partager l’imprimante EPSON Stylus
DX4400 Series avec le nom de la ressource partagée EPSON Stylus DX4400 Series.
Erreur 2114. L’imprimante n’est pas utilisable par d’autres personnes sur le réseau.


< End of report >

encore qqch a faire après ca? :$ (pr savoir si j'peux remettre un antivirus pr pas rester cme ca )

Bonsoir,

1) Télécharge Malwarebytes Anti-Malware.

- Installe-le et fais les mises à jour.


2) Lance MBAM :

- Coche la case "Exécuter un examen complet" puis clique sur Rechercher.
- Sélectionne (coche) toutes tes partitions puis clique sur "Lancer l'examen".
- Lorsque le scan est terminé, un message te prévient. Clique alors sur le bouton "Montrer les résultats".
- Dans la fenêtre suivante clique sur "Supprimer la sélection". Si le programme te propose de redémarrer l'ordinateur, accepte!
- Le rapport de scan va s'afficher. Sauvegarde le puis poste son contenu.


3) Je te conseille grandement d'installer l'antivirus AntiVir.
Tu trouveras un tutorial sur Antivir depuis ce lien : http://www.malekal.com/tutorial_antivir.php

- Fais un scan complet de ton système.
- Poste le rapport de scan dans ta prochaine réponse.

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1647
Windows 6.0.6000

13/01/2009 0:51:13
mbam-log-2009-01-13 (00-51-13).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 182203
Temps écoulé: 1 hour(s), 40 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Avira AntiVir Personal
Date de création du fichier de rapport : mardi 13 janvier 2009 01:01

La recherche porte sur 1189198 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows Vista
Version de Windows :(plain) [6.0.6000]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :PC-DE-ELSALILA

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 2/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 4/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 23:57:41
ANTIVIR2.VDF : 7.1.1.88 726528 Bytes 8/01/2009 23:57:44
ANTIVIR3.VDF : 7.1.1.104 222208 Bytes 12/01/2009 23:57:45
Version du moteur: 8.2.0.54
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.24 340348 Bytes 12/01/2009 23:57:53
AESCN.DLL : 8.1.1.5 123251 Bytes 7/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 4/11/2008 13:58:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 12/01/2009 23:57:52
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/01/2009 23:57:51
AEHEUR.DLL : 8.1.0.78 1532280 Bytes 12/01/2009 23:57:50
AEHELP.DLL : 8.1.2.0 119159 Bytes 12/01/2009 23:57:48
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/01/2009 23:57:47
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 12/01/2009 23:57:46
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 4/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : mardi 13 janvier 2009 01:01

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VSSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mobsync.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Switcher.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VAIOUpdt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SPMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WUDFHost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VESMgrSub.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VzFw.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VzCdbSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'XAudio.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VCSW.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VESMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'stacsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlwriter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlbrowser.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SatSrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oodag.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VProSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlservr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iviRegMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'E_S40RP7.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PhotoshopElementsFileAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'66' processus ont été contrôlés avec '66' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
[INFO] Veuillez relancer la recherche avec les droits d'administrateur
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
[INFO] Veuillez relancer la recherche avec les droits d'administrateur

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '36' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Users\Elsalila\Desktop\FindyKill.exe
[RESULTAT] Contient le modèle de détection du dropper DR/Tool.PsKill.K.40
[REMARQUE] Une copie de sécurité a été créée sous le nom 49da3d0f.qua ( QUARANTAINE )
[REMARQUE] Fichier supprimé.
C:\Users\Elsalila\Videos\mvc.zip
[0] Type d'archive: ZIP
--> setup.exe
[RESULTAT] Contient le modèle de détection du dropper DR/Fraud.MultiVirusCleaner.A
[REMARQUE] Une copie de sécurité a été créée sous le nom 49cf3ecf.qua ( QUARANTAINE )
[REMARQUE] Fichier supprimé.
C:\Users\Elsalila\Videos\mvc\setup.exe
[RESULTAT] Contient le modèle de détection du dropper DR/Fraud.MultiVirusCleaner.A
[REMARQUE] Une copie de sécurité a été créée sous le nom 49e03ec1.qua ( QUARANTAINE )
[REMARQUE] Fichier supprimé.


Fin de la recherche : mardi 13 janvier 2009 08:32
Temps nécessaire: 7:31:50 Heure(s)

La recherche a été effectuée intégralement

21235 Les répertoires ont été contrôlés
527201 Des fichiers ont été contrôlés
3 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
3 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
3 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
527196 Fichiers non infectés
4345 Les archives ont été contrôlées
4 Avertissements
3 Consignes

Bonsoir,

1) Désactive tes logiciels de protection


2) Télécharge OTMoveIt3 de OldTimer :

- Enregistre-le sur ton bureau
- Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)
- Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) :



- Ferme tous tes programmes et clique sur le bouton rouge Moveit! pour lancer le nettoyage
- Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)
--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
- Ferme OTMoveIt3 (en cliquant sur Exit)

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...


3) Télécharge Winsock XP Fix et enregistre le sur ton bureau.


4) Télécharge LSPFix

- Lance LSPFix
- Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
- Coche la case "I know what I'm doing"
- Sélectionne toutes les instances des dll suivantes (s'il y en a, sinon ferme LSPfix) : mdnsnsp.dll

- Fais les glisser du panneau de gauche "keep" au panneau de droite "Remove".
- Clique sur le bouton "Finish". (Si elles sont déjà dans le panneau "Remove" alors clique directement sur le bouton "Finish".)


4b) En cas de mauvaise utilisation de LSPFix, la connexion à Internet peut être interrompue.

Si tu te trouves dans ce cas de figure, fais ceci :

- Ferme tous les programmes susceptibles d'utiliser la connexion internet. Lance Winsock XP Fix en double cliquant sur l'exécutable WinsockxpFix.exe.
- Cliquez sur le bouton Fix.
- A la question Apply The VB_Winsock Fix?, réponds Oui.
- A la fin de la réparation, un message va te demander de redémarrer le PC. Accepte en cliquant sur OK.

La connexion à Internet devrait être rétablie.


5) Télécharge JavaRa et suis les instructions de ce tutorial


6) Reposte un nouveau rapport HijackThis.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully.
Service Bonjour Service deleted successfully.
========== FILES ==========
C:\Users\Elsalila\A TRIER\W950I Und m600I Game And Software\W950i Game and Software\Game\maumau uiq3 p990 Keygen moved successfully.
C:\Users\Elsalila\Downloads\Scanahand 2.0 moved successfully.
C:\Program Files\Bonjour moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Elsalila\AppData\Local\Temp\sv6lh.tmp\sv6li.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elsalila\AppData\Local\Temp\etilqs_xNi0wgc2UdHkcjeoJpXv scheduled to be deleted on reboot.
File delete failed. C:\Users\Elsalila\AppData\Local\Temp\~DFA073.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JETE81C.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_220330

Files moved on Reboot...
C:\Users\Elsalila\AppData\Local\Temp\sv6lh.tmp\sv6li.tmp moved successfully.
File C:\Users\Elsalila\AppData\Local\Temp\etilqs_xNi0wgc2UdHkcjeoJpXv not found!
C:\Users\Elsalila\AppData\Local\Temp\~DFA073.tmp moved successfully.
File C:\Windows\temp\JETE81C.tmp not found!
C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Elsalila\AppData\Local\Mozilla\Firefox\Profiles\m1ayu8me.default\urlclassifier3.sqlite moved successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:08, on 13/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Elsalila\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSS2007 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"
O4 - HKLM\..\Run: [SSS2007 HotKeys] "C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [SSS2007 File Redirection Starter] "C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S3E38.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10791 bytes

Bonsoir,

C'est OK.


Suppression des outils

1) Télécharge ToolsCleaner2 de A.Rothstein et enregistre-le sur ton bureau.

- Double-clique sur ToolsCleaner2.exe pour lancer l'outil.

- Clique sur le bouton Recherche.
- Une fois la recherche terminée, clique sur le bouton Suppression.


2) Copie/colle le rapport et poste-le dans ta prochaine réponse.

Tu peux ensuite supprimer ToolCleaner.


3) Installe le Service Pack 1


Quelques conseils de sécurité


Je te conseille également la lecture de ce document.

Si tu désires mieux connaître le domaine de la sécurité informatique, je ne peux que t'encourager à visiter le site de Malekal_Morte.


Cordialement.

malgré mes multiples essais, à chaque fois que je lance la recherche de toolscleaner le programme ne répond plus

(les sites sur la sécurité sont mis en favoris je lirai ça avec attention merci bcp ^^ )

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Elsalila\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\Elsalila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\Elsalila\Desktop\HijackThis.exe: trouvé !
C:\Users\Elsalila\Desktop\Programmes antivirus,nettoyage et cie\LSPFix.exe: trouvé !
C:\Users\Elsalila\Desktop\Programmes antivirus,nettoyage et cie\OTMoveIt3.exe: trouvé !
C:\Users\Elsalila\Desktop\Programmes antivirus,nettoyage et cie\OTViewIt.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Elsalila\Desktop\HijackThis.exe: supprimé !
C:\Users\Elsalila\Desktop\Programmes antivirus,nettoyage et cie\LSPFix.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Users\Elsalila\Desktop\Programmes antivirus,nettoyage et cie\OTMoveIt3.exe: supprimé !
C:\Users\Elsalila\Desktop\Programmes antivirus,nettoyage et cie\OTViewIt.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
C:\Users\Elsalila\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\Users\Elsalila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !

Bonsoir,

C'est OK.

Supprime manuellement le dossier

Bonne continuation.

ok, mille mercis pr votre aide très précieuse en ts cas

Alors pour moi : tout pareil!!! Dois-je suivre la même procédure??

Et,dans la PAANIQUE, je manque à tous mes devoirs : BONSOIR A TOUS ET A TOUTES!!
et MERCI par avance de vos réponses!!

Et,dans la PAANIQUE, je manque à tous mes devoirs : BONSOIR A TOUS ET A TOUTES!!
et MERCI par avance de vos réponses!!

Et voilà mon rapport, en vous remerciant de vos réponses éclairées

############################## [ FindyKill V4.728 ]

# User : Propriétaire (Administrateurs) # FROMM-A8B4645D5
# Update on 13/05/09 by Chiquitine29
# Start at: 00:46:56 | 16/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Processeur Intel Pentium III Xeon
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 465,75 Go (451,73 Go free) # NTFS
# D:\ # Disque CD-ROM # 262,1 Mo (0 Mo free) [PandaSoft] # CDFS
# E:\ # Disque fixe local # 465,75 Go (451 Go free) # NTFS
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Propriétaire\Application Data\drivers\winupgro.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\Propriétaire\Application Data\drivers\winupgro.exe" (240)
"C:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe" (1460)
"C:\WINDOWS\system32\wintems.exe" (2204)

################## [ Fichiers / Dossiers infectieux ]

Found ! C:\WINDOWS\Prefetch\115718.EXE-05057DF9.pf
Found ! C:\WINDOWS\Prefetch\193531.EXE-30D6168E.pf
Found ! C:\WINDOWS\Prefetch\261968.EXE-38F29E11.pf
Found ! C:\WINDOWS\Prefetch\598687.EXE-0936FBA4.pf
Found ! C:\WINDOWS\Prefetch\694937.EXE-10172722.pf
Found ! C:\WINDOWS\Prefetch\869312.EXE-1B5DB19B.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-041A0D93.pf
Found ! C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-12E1791E.pf
Found ! C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-200DBF75.pf
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\drivers\down
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\drivers"
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\drivers\downld"
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\m"
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Propri‚taire\Application Data\m\shared"

################## [ Infected Temp Files ]

Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1QGP22RK\b64_6[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\5KTE5CQ6\b64_1[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\FZ2R18PN\file[1].txt
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\FZ2R18PN\ieps[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\G1HI9A87\file[1].txt
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\GQIJUPLQ\b64_3[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JBJVW4G2\b64[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JBJVW4G2\file[1].txt
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\NLMJZZS0\b64[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\NTYKB4SF\b64[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\T94NKMKM\b64_1[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\T94NKMKM\b64_6[1].jpg
Found ! C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@crackdb[2].txt
Found ! C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@serial-kombi[3].txt
Found ! C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@www.cracks.me[2].txt
Found ! C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@www.cracksdata[1].txt
Found ! C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@www.newcracks[1].txt

################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\Local AppWizard-Generated Applications\install_crack
Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1390067357-436374069-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]

Found ! C:\InfoSat.txt
Found ! D:\autorun.inf

################## [ Registre / Mountpoints2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.728 ! ]

Et j'oublais : j'ai eu ce message d'erreur avant de finalement désinstaller Avast (bêtement....)
C:\Programe files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide

Alors, au final, je n'ai pas eue la patience d'attendre une réponse (surtout vue l'heure tardive de mon post...), donc j'ai exécuté findykill et lui ai demandé de supprimer les fichiers infectés.
Et là, , il a trouvé qlq chose au redémarrage et j'ai pu réinstaller Avast (à défaut de mieux) qui lui-même a détecté une sacrée floppée de saleté (et pourquoi pas avant alors ???). Je ne compte plus ouvrir les mails inconnus et autre Emule avant un sacré bout de temps, ç a m'apprendra!!!!!!!!!!!!
Encore merci!!!!

bonjour

kat67,

ne remontez pas de vieux sujets

stop de flooder dans un laps de temps si court

EDITION MODERATEUR : Règle du forum à respecter :

Créez vous votre propre sujet

Pas de rapport avant qu'il n'en soit demandé un

Veuillez lire l'article suivant :
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/a_(...)

Merci d'en prendre connaissance.