
Trojan virus with critical error

Tags:
  • Security
Last reply: in Security and viruses
6 April 2011 11:43:06

Hello,
I have a big problem: I can no longer open or see the contents of my PC, and I keep getting the message "critical error". I ran OTL and it is currently scanning, but I don't know what to do next. Could you please help me? Thanks in advance.


6 April 2011 12:05:02

This is what I have in the OTL report:
1 OTL.TXT
OTL logfile created on: 6/04/2011 11:24:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\EL BAKKALI\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,93 Gb Total Space | 40,31 Gb Free Space | 28,20% Space Free | Partition Type: NTFS
Drive D: | 6,12 Gb Total Space | 1,28 Gb Free Space | 20,96% Space Free | Partition Type: NTFS

Computer Name: PC-DE-ELBAKKALI | User Name: EL BAKKALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 11:20:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\EL BAKKALI\Desktop\OTL.com
PRC - [2011/04/06 00:54:39 | 000,167,936 | -H-- | M] () -- C:\Users\ELBAKK~1\AppData\Local\Temp\csrss.exe
PRC - [2011/04/06 00:53:44 | 000,173,568 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\dwm.exe
PRC - [2011/04/06 00:53:02 | 000,162,304 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011/04/05 12:05:59 | 000,039,504 | -H-- | M] (Asstj Software) -- C:\Users\EL BAKKALI\AppData\Local\Temp\e.exe
PRC - [2011/04/05 12:05:51 | 000,479,232 | -H-- | M] () -- C:\ProgramData\47111944.exe
PRC - [2011/04/05 11:56:42 | 000,548,864 | -H-- | M] (GPA) -- C:\ProgramData\PIwSFCyCHeeP.exe
PRC - [2011/03/20 11:59:22 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/02 17:10:00 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 17:09:55 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/11 12:50:24 | 000,202,256 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/14 23:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | -H-- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/04/11 08:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/05/28 18:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/23 18:11:42 | 000,262,243 | -H-- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/12 11:22:00 | 000,517,768 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/11/02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 11:20:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\EL BAKKALI\Desktop\OTL.com
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/03/11 12:55:44 | 000,118,784 | -H-- | M] (RealPlayer) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009/04/11 08:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (msav)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/03/20 11:59:22 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/02 17:10:00 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/06 13:38:06 | 000,071,096 | -H-- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/28 18:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/23 18:11:44 | 000,106,593 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 18:11:42 | 000,262,243 | -H-- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/12 11:22:00 | 000,517,768 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)


========== Driver Services (SafeList) ==========

DRV - [2011/03/20 11:59:23 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/06 06:51:47 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/12 14:48:56 | 000,007,168 | -H-- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 14:14:28 | 000,112,144 | -H-- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/11/02 10:39:30 | 000,036,608 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/04/11 08:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/02/13 12:35:05 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 03:42:00 | 007,606,688 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/03 12:32:00 | 000,188,416 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/31 12:44:14 | 000,685,816 | -H-- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/07/10 07:27:56 | 000,008,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/12 04:30:52 | 000,160,768 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/03/07 06:15:58 | 001,059,112 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/17 01:50:32 | 000,012,032 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:03:28 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 18:40:20 | 000,042,496 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 10:24:58 | 000,008,192 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 09:54:00 | 000,009,472 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57798

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.0.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/05 17:15:50 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.630.0\firefox\extensions [2010/12/24 04:40:16 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/04/05 17:14:26 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/05 17:15:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/05 17:15:28 | 000,000,000 | -H-D | M]

[2010/09/18 21:21:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Extensions
[2009/02/26 00:35:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/06/28 17:43:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/09/18 21:21:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/04/04 22:27:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions
[2008/09/28 16:50:43 | 000,000,000 | -H-D | M] (FlashGot) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(134)
[2011/04/05 17:16:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 17:16:18 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/05 17:16:18 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/05 17:16:18 | 000,000,000 | -H-D | M] (Black Steel) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2011/04/05 17:16:18 | 000,000,000 | -H-D | M] (Illimitux) -- C:\Users\EL BAKKALI\AppData\Roaming\mozilla\Firefox\Profiles\57y7l0gz.default\extensions\illimitux@illimitux.net
[2011/04/04 22:27:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/04/05 17:15:27 | 000,000,000 | -H-D | M] (XUL Cache) -- C:\Program Files\mozilla firefox\extensions\{8F83E8AC-0EAA-4E00-A78B-902C2E356704}
[2011/04/05 17:15:27 | 000,000,000 | -H-D | M] (QuestBrowse) -- C:\Program Files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2008/06/30 23:02:00 | 000,663,072 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/03/03 19:23:50 | 000,001,516 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/03/03 19:23:50 | 000,001,822 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/03/03 19:23:50 | 000,000,757 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/06/09 21:52:18 | 000,002,224 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml
[2011/03/03 19:23:50 | 000,001,426 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/03/03 19:23:50 | 000,000,956 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Alcohol Toolbar Helper) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Alcohol Toolbar) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O3 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\..\Toolbar\WebBrowser: (Alcohol Toolbar) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [conhost] C:\Users\EL BAKKALI\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000..\Run: [AutoStartNPSAgent] File not found
O4 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000..\Run: [PID] C:\Users\EL BAKKALI\AppData\Local\Temp\e.exe (Asstj Software)
O4 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000..\Run: [PIwSFCyCHeeP] C:\ProgramData\PIwSFCyCHeeP.exe (GPA)
O4 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000..\Run: [Sduxowopoze] C:\Users\EL BAKKALI\AppData\Local\GREXAL.dll (madshi.net)
F3 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000 WinNT: Load - (C:\Users\ELBAKK~1\AppData\Local\Temp\csrss.exe) - C:\Users\ELBAKK~1\AppData\Local\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - File not found
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows... (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-767401972-1586208379-3730656260-1000 Winlogon: Shell - (C:\Users\EL BAKKALI\AppData\Roaming\dwm.exe) - C:\Users\EL BAKKALI\AppData\Roaming\dwm.exe ()
O24 - Desktop WallPaper: C:\Users\EL BAKKALI\Saved Games\Pictures\Sample Pictures\candlelight_water_flame_fantasy.jpg
O24 - Desktop BackupWallPaper: C:\Users\EL BAKKALI\Saved Games\Pictures\Sample Pictures\candlelight_water_flame_fantasy.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{12ba85b0-733c-11dd-9a2e-001a73c93432}\Shell\AutoRun\command - "" = G:\swstd8ii.cmd
O33 - MountPoints2\{12ba85b0-733c-11dd-9a2e-001a73c93432}\Shell\explore\Command - "" = G:\swstd8ii.cmd
O33 - MountPoints2\{12ba85b0-733c-11dd-9a2e-001a73c93432}\Shell\open\Command - "" = G:\swstd8ii.cmd
O33 - MountPoints2\{1f8ee496-543a-11de-bcb1-001b24d4f289}\Shell\AutoRun\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lusrsh.exe
O33 - MountPoints2\{1f8ee496-543a-11de-bcb1-001b24d4f289}\Shell\open\command - "" = G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lusrsh.exe
O33 - MountPoints2\{32e46ffa-8c11-11df-a2b5-001b24d4f289}\Shell - "" = AutoRun
O33 - MountPoints2\{32e46ffa-8c11-11df-a2b5-001b24d4f289}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3ef3eafb-3896-11de-a402-001a73c93432}\Shell\AutoRun\command - "" = G:\fbak.exe
O33 - MountPoints2\{3ef3eafb-3896-11de-a402-001a73c93432}\Shell\open\Command - "" = G:\fbak.exe
O33 - MountPoints2\{3ef3eb00-3896-11de-a402-001a73c93432}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef3eb00-3896-11de-a402-001a73c93432}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{74682eab-b4ab-11dc-9901-806e6f6e6963}\Shell\AutoRun\command - "" = G:\kavzz.exe
O33 - MountPoints2\{9fc8d086-11a4-11de-a9f0-001b24d4f289}\Shell\AutoRun\command - "" = ytutujyituiuyujthjkithughjgh.exe
O33 - MountPoints2\{ab4c8800-479f-11dd-9119-001b24d4f289}\Shell\AutoRun\command - "" = G:\kavzz.exe
O33 - MountPoints2\{bd6c3421-701a-11dd-9f90-001b24d4f289}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{bd6c3421-701a-11dd-9f90-001b24d4f289}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{dbbad48d-80a4-11dd-8c4a-001b24d4f289}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{e43490ff-c3d4-11dd-97c2-001b24d4f289}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-22-4564031308-1609158761-021649731-2350\shellcfg.exe
O33 - MountPoints2\{e43490ff-c3d4-11dd-97c2-001b24d4f289}\Shell\open\command - "" = G:\RECYCLER\S-1-6-22-4564031308-1609158761-021649731-2350\shellcfg.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = kavzz.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^EL BAKKALI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: amva - hkey= - key= - File not found
MsConfig - StartUpReg: ares - hkey= - key= - File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: EPSON Stylus DX4400 Series - hkey= - key= - File not found
MsConfig - StartUpReg: fdvmefvn - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\EL BAKKALI\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LiveSticker - hkey= - key= - File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: rs32net - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VoipBuster - hkey= - key= - File not found
MsConfig - State: "startup" - 2

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 10:58:18 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/04/06 10:35:43 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\EL BAKKALI\Desktop\OTL.com
[2011/04/05 12:06:20 | 000,000,000 | -H-D | C] -- C:\Users\EL BAKKALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
[2011/04/05 11:56:42 | 000,548,864 | -H-- | C] (GPA) -- C:\ProgramData\PIwSFCyCHeeP.exe
[2011/04/01 23:57:52 | 000,000,000 | -H-D | C] -- C:\Users\EL BAKKALI\Documents\My Received Files
[2011/04/01 23:56:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feu Vert pour le permis de conduire
[2011/04/01 23:56:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Feuvert
[2011/03/16 12:12:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[2011/03/12 19:07:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Ad Muncher
[2011/03/12 19:07:52 | 000,000,000 | -H-D | C] -- C:\Program Files\Ad Muncher
[2011/03/12 19:05:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
[2011/03/12 19:05:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Panicware
[2011/03/09 16:20:02 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 16:20:02 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 16:20:02 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 16:20:02 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009/10/20 06:26:23 | 000,114,688 | -H-- | C] (madshi.net) -- C:\Users\EL BAKKALI\AppData\Local\GREXAL.dll
[2008/08/20 11:01:04 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\EL BAKKALI\AppData\Roaming\pcouffin.sys
[2007/12/18 19:55:55 | 001,491,592 | -H-- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2007/12/18 19:48:11 | 005,843,256 | -H-- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.11.exe
[7 C:\Users\EL BAKKALI\Desktop\*.tmp files -> C:\Users\EL BAKKALI\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 11:35:12 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4349570E-B4FF-4F8E-A830-1E2D74F77869}.job
[2011/04/06 11:21:09 | 000,001,096 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-767401972-1586208379-3730656260-1000UA.job
[2011/04/06 11:20:56 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\EL BAKKALI\Desktop\OTL.com
[2011/04/06 11:19:24 | 000,007,290 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\1E1D.588
[2011/04/06 11:18:13 | 000,001,062 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/06 11:18:13 | 000,001,058 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/06 11:15:24 | 000,000,148 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/06 11:13:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 11:13:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 11:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 11:06:36 | 000,002,855 | -H-- | M] () -- C:\Users\EL BAKKALI\Desktop\OTL.com - Raccourci.pif
[2011/04/06 10:38:53 | 000,798,862 | -H-- | M] () -- C:\Users\EL BAKKALI\Desktop\Comment supprimer des messages critical error - Securite-Virus.mht
[2011/04/06 01:21:01 | 000,001,044 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-767401972-1586208379-3730656260-1000Core.job
[2011/04/06 00:53:44 | 000,173,568 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\dwm.exe
[2011/04/06 00:37:18 | 000,009,852 | -HS- | M] () -- C:\Users\EL BAKKALI\AppData\Local\2tr4yndwvnsg0s521l3n643d
[2011/04/06 00:37:18 | 000,009,852 | -HS- | M] () -- C:\ProgramData\2tr4yndwvnsg0s521l3n643d
[2011/04/06 00:17:52 | 000,007,620 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Local\d3d9caps.dat
[2011/04/05 23:53:16 | 713,101,586 | -H-- | M] () -- C:\Users\EL BAKKALI\Desktop\Orgueil Et Prejuges.avi
[2011/04/05 13:19:30 | 000,679,766 | -H-- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/04/05 13:19:30 | 000,607,912 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/05 13:19:30 | 000,131,198 | -H-- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/04/05 13:19:30 | 000,109,438 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/05 13:14:58 | 000,113,274 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/04/05 13:14:03 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~47111944
[2011/04/05 12:47:27 | 000,000,400 | -H-- | M] () -- C:\ProgramData\47111944
[2011/04/05 12:28:28 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~47111944r
[2011/04/05 12:24:29 | 210,368,700 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/05 12:16:02 | 000,113,274 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/05 12:06:20 | 000,000,581 | -H-- | M] () -- C:\Users\EL BAKKALI\Desktop\Windows Restore.lnk
[2011/04/05 12:05:51 | 000,479,232 | -H-- | M] () -- C:\ProgramData\47111944.exe
[2011/04/05 11:56:42 | 000,548,864 | -H-- | M] (GPA) -- C:\ProgramData\PIwSFCyCHeeP.exe
[2011/04/04 18:39:17 | 000,000,155 | -H-- | M] () -- C:\Windows\NeroDigital.ini
[2011/04/04 00:44:32 | 000,226,816 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 00:08:19 | 000,000,096 | -H-- | M] () -- C:\Windows\permis.ini
[2011/04/01 23:56:49 | 000,001,650 | -H-- | M] () -- C:\Users\Public\Desktop\Feu vert pour le permis de conduire.lnk
[2011/03/30 20:00:07 | 000,002,945 | -H-- | M] () -- C:\Windows\System32\responseBody.xml
[2011/03/30 20:00:07 | 000,001,809 | -H-- | M] () -- C:\Windows\System32\requestBody.xml
[2011/03/30 20:00:07 | 000,000,795 | -H-- | M] () -- C:\Windows\System32\request.gzip
[2011/03/26 19:22:02 | 000,002,067 | -H-- | M] () -- C:\Users\EL BAKKALI\Desktop\Google Chrome.lnk
[2011/03/26 19:22:02 | 000,002,029 | -H-- | M] () -- C:\Users\EL BAKKALI\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 18:32:04 | 006,115,104 | -H-- | M] () -- C:\Users\EL BAKKALI\Desktop\DERNIER.jpg
[2011/03/20 23:34:04 | 000,001,748 | -H-- | M] () -- C:\Users\EL BAKKALI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 23:34:04 | 000,001,724 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/20 11:59:23 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/03/16 12:20:23 | 000,001,892 | -H-- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/12 19:20:10 | 000,002,560 | -H-- | M] () -- C:\Windows\_MSRSTRT.EXE
[7 C:\Users\EL BAKKALI\Desktop\*.tmp files -> C:\Users\EL BAKKALI\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 11:00:31 | 000,002,855 | -H-- | C] () -- C:\Users\EL BAKKALI\Desktop\OTL.com - Raccourci.pif
[2011/04/06 10:38:45 | 000,798,862 | -H-- | C] () -- C:\Users\EL BAKKALI\Desktop\Comment supprimer des messages critical error - Securite-Virus.mht
[2011/04/06 00:53:44 | 000,173,568 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\dwm.exe
[2011/04/06 00:53:15 | 000,007,290 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\1E1D.588
[2011/04/06 00:18:03 | 000,009,852 | -HS- | C] () -- C:\Users\EL BAKKALI\AppData\Local\2tr4yndwvnsg0s521l3n643d
[2011/04/06 00:18:03 | 000,009,852 | -HS- | C] () -- C:\ProgramData\2tr4yndwvnsg0s521l3n643d
[2011/04/05 23:53:17 | 713,101,586 | -H-- | C] () -- C:\Users\EL BAKKALI\Desktop\Orgueil Et Prejuges.avi
[2011/04/05 12:24:29 | 210,368,700 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/05 12:06:31 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~47111944r
[2011/04/05 12:06:31 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~47111944
[2011/04/05 12:06:20 | 000,000,581 | -H-- | C] () -- C:\Users\EL BAKKALI\Desktop\Windows Restore.lnk
[2011/04/05 12:05:58 | 000,000,400 | -H-- | C] () -- C:\ProgramData\47111944
[2011/04/05 12:05:51 | 000,479,232 | -H-- | C] () -- C:\ProgramData\47111944.exe
[2011/04/01 23:56:49 | 000,001,650 | -H-- | C] () -- C:\Users\Public\Desktop\Feu vert pour le permis de conduire.lnk
[2011/04/01 23:56:49 | 000,000,096 | -H-- | C] () -- C:\Windows\permis.ini
[2011/03/25 18:32:46 | 006,115,104 | -H-- | C] () -- C:\Users\EL BAKKALI\Desktop\DERNIER.jpg
[2011/03/20 23:34:04 | 000,001,724 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/16 12:20:23 | 000,001,892 | -H-- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/16 12:20:23 | 000,001,804 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/16 12:13:24 | 000,001,062 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/16 12:13:21 | 000,001,058 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/12 19:20:10 | 000,002,560 | -H-- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/03 01:17:46 | 000,256,512 | -H-- | C] () -- C:\Windows\PEV.exe
[2011/03/03 01:17:46 | 000,089,088 | -H-- | C] () -- C:\Windows\MBR.exe
[2011/03/03 01:17:45 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2011/03/03 01:17:45 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2011/03/03 01:17:45 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010/07/25 22:55:02 | 000,024,206 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\UserTile.png
[2010/06/19 17:16:33 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/19 16:54:30 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll
[2010/02/25 01:26:10 | 000,000,528 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/02/21 18:17:52 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/21 18:17:52 | 000,036,608 | -H-- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/12/01 00:08:48 | 000,000,036 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2009/11/02 01:39:53 | 000,000,027 | -H-- | C] () -- C:\Windows\SmAudio.INI
[2009/10/23 20:04:25 | 000,235,007 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\fdvmefvn_nav.dat
[2009/10/23 20:04:25 | 000,003,425 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\fdvmefvn.dat
[2009/10/23 20:04:25 | 000,001,568 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\fdvmefvn_navps.dat
[2009/10/20 06:26:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 06:26:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 06:25:57 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/27 01:39:02 | 000,000,096 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\zfafql.bat
[2009/07/20 21:17:58 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe
[2009/07/20 21:10:48 | 000,307,200 | -H-- | C] () -- C:\Windows\System32\InstallVCOM.exe
[2009/02/11 22:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\icf.exe.exe
[2009/02/11 22:31:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\fci.exe.exe
[2009/02/11 20:01:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\seneka.sys
[2009/02/11 20:00:09 | 000,000,059 | -H-- | C] () -- C:\Windows\System32\senekatevqxncb.dat
[2009/02/11 19:55:08 | 000,006,025 | -H-- | C] () -- C:\Windows\System32\senekaiqqccqnn.dat
[2008/12/31 18:04:42 | 000,691,560 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/31 18:04:42 | 000,528,744 | -H-- | C] () -- C:\Windows\System32\OGAVerify.exe
[2008/12/24 00:46:28 | 000,113,274 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/24 00:46:28 | 000,113,274 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008/12/15 22:21:35 | 000,000,029 | -H-- | C] () -- C:\Windows\DEBUGSM.INI
[2008/11/29 16:58:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/22 23:56:53 | 000,000,061 | -H-- | C] () -- C:\Windows\snow.ini
[2008/11/01 18:18:43 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/09/26 23:01:51 | 000,111,932 | -H-- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/09/26 23:01:51 | 000,031,053 | -H-- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/09/26 23:01:51 | 000,027,417 | -H-- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/09/26 23:01:51 | 000,026,154 | -H-- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/09/26 23:01:51 | 000,024,903 | -H-- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/09/26 23:01:51 | 000,021,390 | -H-- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/09/26 23:01:51 | 000,020,148 | -H-- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/09/26 23:01:51 | 000,011,811 | -H-- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/09/26 23:01:51 | 000,004,943 | -H-- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/09/26 23:01:51 | 000,001,146 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/09/26 23:01:51 | 000,001,139 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/09/26 23:01:51 | 000,001,139 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/09/26 23:01:51 | 000,001,136 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/09/26 23:01:51 | 000,001,129 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/09/26 23:01:51 | 000,001,129 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/09/26 23:01:51 | 000,001,120 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/09/26 23:01:51 | 000,001,107 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/09/26 23:01:51 | 000,001,104 | -H-- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/09/26 23:01:51 | 000,000,097 | -H-- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/26 22:59:17 | 000,000,027 | -H-- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008/08/20 11:01:04 | 000,087,608 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\inst.exe
[2008/08/20 11:01:04 | 000,007,887 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\pcouffin.cat
[2008/08/20 11:01:04 | 000,001,144 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\pcouffin.inf
[2008/06/14 18:52:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/06/14 18:32:36 | 000,007,168 | -H-- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/05/14 22:57:10 | 000,004,096 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\keyfile3.drm
[2008/04/07 23:27:24 | 000,000,132 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\wklnhst.dat
[2008/03/08 23:52:35 | 000,163,028 | -H-- | C] () -- C:\Windows\System32\events.dat
[2008/02/02 15:54:21 | 000,000,155 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2008/01/13 16:10:15 | 000,007,620 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\d3d9caps.dat
[2007/12/21 20:24:51 | 000,226,816 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 01:08:56 | 000,000,493 | -H-- | C] () -- C:\Windows\ODBC.INI
[2007/12/18 23:34:51 | 004,114,344 | -H-- | C] () -- C:\Program Files\BitComet_0.81_setup.exe
[2007/12/18 20:23:12 | 009,733,451 | -H-- | C] () -- C:\Program Files\vlc-0.8.6d-win32.exe
[2007/12/18 19:51:49 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2007/12/18 01:26:33 | 000,028,314 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\nvModes.001
[2007/12/17 22:52:34 | 000,028,314 | -H-- | C] () -- C:\Users\EL BAKKALI\AppData\Roaming\nvModes.dat
[2007/08/18 17:39:51 | 000,111,332 | -H-- | C] () -- C:\Windows\hpqins13.dat
[2007/08/18 16:28:06 | 000,001,732 | -H-- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2006/11/02 17:48:33 | 000,679,766 | -H-- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 17:48:33 | 000,340,236 | -H-- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 17:48:33 | 000,131,198 | -H-- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 17:48:33 | 000,037,390 | -H-- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,340,280 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,607,912 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,109,438 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:21 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/10 02:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 14:06:00 | 000,016,480 | -H-- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 14:26:40 | 000,012,634 | -H-- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | -H-- | C] () -- C:\Windows\ADFUUD.SYS
[2003/04/01 11:58:02 | 000,005,260 | -H-- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/04/05 11:56:33 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Adobe
[2010/09/07 17:01:50 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Apple Computer
[2010/11/06 01:01:04 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Avira
[2009/03/04 22:53:43 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\AVS4YOU
[2010/04/17 19:26:17 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Canneverbe Limited
[2010/12/24 04:40:16 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\ClickPotatoLite
[2010/07/03 01:23:48 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\CrazyLoader
[2007/12/17 23:25:10 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\CyberLink
[2007/12/23 22:34:30 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\DivX
[2011/04/06 01:11:06 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\dvdcss
[2008/10/17 19:42:34 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\EPSON
[2009/02/26 00:35:45 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Flock
[2007/12/18 19:45:45 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Google
[2008/11/19 20:35:24 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\GTek
[2008/12/17 20:52:53 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Hewlett-Packard
[2007/12/17 23:25:02 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\HP
[2011/03/26 11:23:09 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\HpUpdate
[2007/12/17 23:11:33 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Identities
[2009/10/19 01:00:04 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\igraal
[2008/01/30 22:15:28 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\InstallShield
[2007/12/17 23:05:42 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Macromedia
[2006/11/02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Media Center Programs
[2011/04/06 00:53:02 | 000,000,000 | --SD | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Microsoft
[2011/04/05 17:16:18 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Move Networks
[2011/01/05 22:33:43 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Mozilla
[2007/12/31 11:19:07 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Nero
[2009/03/15 17:41:59 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\NeroDCTemplates
[2009/11/01 18:46:30 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Opera
[2011/03/02 23:59:56 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Paltalk
[2010/07/25 22:55:01 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\PeerNetworking
[2010/03/11 12:57:44 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Real
[2010/02/21 18:17:34 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Samsung
[2010/12/24 04:40:07 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\ShopperReports3
[2011/04/05 17:16:19 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Skype
[2011/03/23 17:06:54 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\skypePM
[2010/02/14 22:50:38 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\TeamViewer
[2008/04/07 23:27:25 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Template
[2010/11/20 08:48:25 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Tific
[2010/07/11 15:21:35 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\U3
[2011/04/05 17:16:19 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\VirtuaWin
[2010/06/28 17:49:21 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Vivox
[2011/04/06 01:12:09 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\vlc
[2009/11/14 15:27:57 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\VoipBuster
[2008/08/20 11:02:02 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Vso
[2008/12/13 17:21:13 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\Wallpaper
[2011/04/05 17:16:19 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\wbtooltb
[2007/12/31 11:09:07 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\WinRAR
[2011/04/05 17:16:19 | 000,000,000 | -H-D | M] -- C:\Users\EL BAKKALI\AppData\Roaming\XnView

< %APPDATA%\*.exe /s >
[2011/04/06 00:53:44 | 000,173,568 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\dwm.exe
[2008/08/20 11:01:04 | 000,087,608 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\inst.exe
[2011/04/05 12:00:59 | 000,000,000 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Adobe\plugs\mmc12.exe
[2011/04/05 11:56:54 | 000,000,000 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Adobe\plugs\mmc137.exe
[2011/04/05 11:56:49 | 000,000,000 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Adobe\plugs\mmc140.exe
[2011/04/05 12:00:59 | 000,000,000 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Adobe\plugs\mmc181.exe
[2011/04/06 00:53:02 | 000,162,304 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Microsoft\conhost.exe
[2011/02/03 04:09:15 | 000,143,973 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Move Networks\uninstall.exe
[2009/09/24 23:45:48 | 000,097,216 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2011/01/22 03:43:01 | 000,510,120 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\EL BAKKALI\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2010/03/25 12:08:26 | 013,407,072 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\Real\Update\setup3.13\chr\ChromeInstaller.exe
[2010/10/22 19:10:16 | 000,190,632 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\EL BAKKALI\AppData\Roaming\Real\Update\setup3.13\chr_helper\LaunchHelper.exe
[2010/05/13 13:09:52 | 000,220,272 | -H-- | M] (Google Inc.) -- C:\Users\EL BAKKALI\AppData\Roaming\Real\Update\setup3.13\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010/10/22 19:10:16 | 000,190,632 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\EL BAKKALI\AppData\Roaming\Real\Update\setup3.13\gtb_helper\LaunchHelper.exe
[2010/12/11 01:10:08 | 026,444,432 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\EL BAKKALI\AppData\Roaming\Real\Update\setup3.13\rp\RealPlayer_fr.exe
[2006/12/07 10:45:12 | 000,110,592 | -H-- | M] () -- C:\Users\EL BAKKALI\AppData\Roaming\U3\temp\cleanup.exe
[2006/12/07 10:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\EL BAKKALI\AppData\Roaming\U3\temp\Launchpad Removal.exe
[2010/06/18 21:24:16 | 000,414,168 | -H-- | M] (Visicom Media Inc.) -- C:\Users\EL BAKKALI\AppData\Roaming\wbtooltb\wbbtool1_0dn.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/12/18 08:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/12/31 12:44:14 | 000,685,816 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< >

< End of report >

2 extra .TXT :
OTL Extras logfile created on: 6/04/2011 11:24:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\EL BAKKALI\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,93 Gb Total Space | 40,31 Gb Free Space | 28,20% Space Free | Partition Type: NTFS
Drive D: | 6,12 Gb Total Space | 1,28 Gb Free Space | 20,96% Space Free | Partition Type: NTFS

Computer Name: PC-DE-ELBAKKALI | User Name: EL BAKKALI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-767401972-1586208379-3730656260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "C:\Program Files\XnView\xnview.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B73A5DF-6010-4FD7-9E03-5EE8DE171569}" = lport=20687 | protocol=6 | dir=in | name=bitcomet 20687 tcp |
"{5E5D855D-AB42-4B5B-ABB6-6E1284128AE2}" = lport=20687 | protocol=17 | dir=in | name=bitcomet 20687 udp |
"{8FCE92F0-0951-48A5-AE1D-C160CC481C9B}" = lport=20687 | protocol=6 | dir=in | name=bitcomet 20687 tcp |
"{9137914A-88A2-47D1-AC1B-1E9A39A59C1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A053A67E-1163-4871-ADE3-49FE0C330A5B}" = lport=20687 | protocol=17 | dir=in | name=bitcomet 20687 udp |
"{F7F82EC5-274B-4E9C-A682-5C8FDC313FDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008423D5-30E9-4345-A2F9-BAC41DF1D688}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{0183AA0C-36FD-4899-9A55-00E623B1E621}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0506D2C9-970F-4FAA-85D3-B378351DA40D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{07149812-1CE5-457B-A37A-F01E1D666DB3}" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"{078E7D93-BEBD-4ADD-ACF3-62A0E2421FE5}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{0D0C28F6-12E6-4296-B75B-FC6F20F10C2E}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{23644C7C-556D-41E2-805A-FBAF310D40BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2998B650-04B0-4329-9605-86EDCE7AC686}" = protocol=17 | dir=in | app=c:\program files\samsung
6 April 2011 16:20:00

Hello,

It's a rogue, a fake infectious utility; on top of that, your PC is thoroughly rotten ...
You ought to be a bit more careful in your behaviour ...


Preamble to any disinfection:

Disinfection requires the use of tools and procedures that are more or less complex, sensitive and potentially dangerous.
We therefore do our best to explain this as clearly as possible; nevertheless, a few recommendations should be followed for it to go smoothly:

  • The infected PC must be used as little as possible, apart from carrying out the procedures and communicating on the forum.
  • Always read the procedures in full before starting them, or save them (printout / text file).
    (Certain circumstances could prevent you from continuing to read, a PC restart for example)
  • Carry out the requested procedures completely, precisely and in the order given; otherwise you risk creating more problems than you would solve. Do not try anything on your own without telling us first!
  • Do not hesitate to ask any question before starting the procedures, and report immediately any problems encountered while carrying them out.



    1) Download RogueKiller (by Tigzy) to your desktop.
  • Close all your windows, then double-click RogueKiller.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Once initialization has finished, choose option 2 and confirm.
  • Let the tool work.
  • A report will open; copy and paste its contents into your next reply.

    (If it does not open, it is saved on the desktop: RKreport.txt)


    Regarding the OTL reports, they are not complete; do this, one per link (OTL.txt and Extra.txt):
    For the reports, please use this online report service: upload the file via "Browse" and simply post the link you get.