My PC is infected and I don't know what to do :((

Post by fatma » 28 Dec 2008, 19:39

and finally the OTListIt2 report:
OTListIt logfile created on: 28-12-2008 19:19:55 - Run 2
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Fatma Hadj Ammar\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C01 | Country: Tunisie | Language: ART | Date Format: dd-MM-yyyy

894.04 Mb Total Physical Memory | 483.84 Mb Available Physical Memory | 54.12% Memory free
1.80 Gb Paging File | 1.42 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 5.47 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAHADJAMMAR
Current User Name: Fatma Hadj Ammar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008-10-15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008-10-15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2005-01-17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2004-08-28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2005-12-11 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2006-03-16 12:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2008-04-14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006-08-01 10:57:00 | 01,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[2006-05-19 11:13:00 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
[2005-08-03 15:09:12 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
[2007-07-11 15:09:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2008-06-28 12:28:01 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[2008-06-12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006-07-07 17:45:00 | 01,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
[2005-04-11 15:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[2008-04-11 06:58:58 | 02,577,840 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
[2005-09-09 10:01:09 | 09,818,112 | ---- | M] (Salaat Time - www.salaattime.com) -- C:\Program Files\Salaat Time\SalaatTime.exe
[2007-01-19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008-11-15 12:11:38 | 02,235,920 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
[2004-08-28 00:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
[2005-08-03 15:08:58 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2007-02-19 15:53:52 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2001-10-02 19:17:22 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2001-10-02 19:17:22 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008-12-21 11:59:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008-10-15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008-10-15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005-01-17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2004-08-28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007-05-16 13:48:56 | 00,228,208 | ---- | M] () -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2006-03-18 07:36:00 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006-04-01 16:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2005-12-12 00:40:44 | 01,414,656 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007-02-27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008-05-20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008-10-30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005-06-10 21:42:00 | 00,005,504 | ---- | M] (Quanta Computer Corp) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup [On_Demand | Running])
[2008-04-13 19:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008-04-13 19:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008-04-13 19:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008-06-14 18:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008-04-13 19:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-06-28 17:25:24 | 04,304,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2005-06-02 03:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2003-01-29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2007-12-17 11:11:56 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2001-10-02 19:18:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-02-23 05:29:52 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006-01-12 15:21:18 | 00,031,872 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Running])
[2005-05-05 13:27:38 | 00,007,936 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr [On_Demand | Running])
[2008-04-13 19:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2006-02-27 07:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004-08-03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007-11-13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005-08-10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005-05-16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005-11-03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2008-01-11 13:52:18 | 10,398,208 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3 [On_Demand | Stopped])
[2007-11-08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008-01-23 22:25:30 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Stopped])
[2008-04-13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis [On_Demand | Stopped])
[2001-10-02 19:19:36 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKU\S-1-5-21-1547161642-287218729-839522115-1003\S-1-5-21-1547161642-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-1547161642-287218729-839522115-1003\S-1-5-21-1547161642-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (246783 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 dle-news.ru
O1 - Hosts: 127.0.0.1 www.dle-news.ru
O1 - Hosts: 127.0.0.1 pc-soft.ru
O1 - Hosts: 127.0.0.1 www.pc-soft.ru
O1 - Hosts: 127.0.0.1 forum.pc-soft.ru
O1 - Hosts: 127.0.0.1 www.forum.pc-soft.ru
O1 - Hosts: 127.0.0.1 yandex.ru
O1 - Hosts: 127.0.0.1 www.yandex.ru
O1 - Hosts: 127.0.0.1 ya.ru
O1 - Hosts: 127.0.0.1 www.ya.ru
O1 - Hosts: 127.0.0.1 passport.yandex.ru
O1 - Hosts: 127.0.0.1 www.passport.yandex.ru
O1 - Hosts: 127.0.0.1 mail.yandex.ru
O1 - Hosts: 127.0.0.1 www.mail.yandex.ru
O1 - Hosts: 127.0.0.1 nulled.ws
O1 - Hosts: 127.0.0.1 www.nulled.ws
O1 - Hosts: 127.0.0.1 layer-ads.de
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 plati.ru
O1 - Hosts: 127.0.0.1 www.plati.ru
O1 - Hosts: 127.0.0.1 digiseller.ru
O1 - Hosts: 127.0.0.1 www.digiseller.ru
O1 - Hosts: 127.0.0.1 binural.ru
O1 - Hosts: 8569 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKCU..\Run: [mmva] C:\WINDOWS\system32\mmvo.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [mmva] C:\WINDOWS\system32\mmvo.exe ()
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0



O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0



O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 38 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..Trusted Sites: 38 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Reg Error: Value does not exist or could not be read.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - skype4com - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler: - x-mem1 - C:\WINDOWS\system32\wowctl2.dll (EzTools Software)
O18 - Protocol\Handler: - x-mem3 - C:\WINDOWS\system32\eztoolslib2.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007-07-27 10:24:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [;pe | [AutoRun] | ;iscK0o1Lsar2AK | open=x6rlc0.exe | ;0kKiowsisqi982dkDps7sfcd14lSjrww4qS0ld24a2Li9330w5kLZA2I1iLSalK2LAa7Lrk32waKSilsd | shell\open\Command=x6rlc0.exe | ;e2a4D8kddw87ewpir7ikdlLL34Jws3wsoDkaw9Dooq54a4sdlJ2p9aDi | shell\open\Default=1 | ;0KK2rAsAsia3k8cso1Dwdw3ioKDKr5w4w2l1913oDAiZa4iJ9AaKldqqe7lJ1022wkkdae3DjlD4Dsik0a5oris2e3i | shell\explore\Command=x6rlc0.exe | ;9aq04aKwL37K56sorksocDK2iAjJ413Z2DlejSekk23AiKai512edkpdilHorwws45024033da34sCqlDj1kk2KkwiaXLawi9slqJ4wSAl2LajAIKLifowZJjw2Die | ]
[2008-12-28 19:20:02 | 00,000,503 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222dd-e3b9-11dc-a8bc-001636fdb91d}\Shell\Auto\command]
"" = sal.xls.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158e74e5-8791-11dc-bc28-001636fdb91d}\Shell]
"" = AutoRun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64688937-2640-11dd-a1be-001636fdb91d}\Shell\AutoRun\command]
"" = E:\x6rlc0.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64688937-2640-11dd-a1be-001636fdb91d}\Shell\explore\Command]
"" = E:\x6rlc0.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64688937-2640-11dd-a1be-001636fdb91d}\Shell\open\Command]
"" = E:\x6rlc0.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{883758ce-e21c-11dc-a8b2-001636fdb91d}\Shell\AutoRun\command]
"" = F:\setupSNK.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da753626-3f40-11dc-bb9a-001636fdb91d}\Shell\AutoRun\command]
"" = E:\x6rlc0.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da753626-3f40-11dc-bb9a-001636fdb91d}\Shell\explore\Command]
"" = E:\x6rlc0.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da753626-3f40-11dc-bb9a-001636fdb91d}\Shell\open\Command]
"" = E:\x6rlc0.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0d0cd-e45e-11dc-a8bf-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}\Shell\Auto\command]
"" = boot.exe


========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de و بعد اني الممضي اسفله فاطمة الحاج عمار من مواليد 25 جويلية 1986 بالنستير صاحبة بطاقة التعريف الوطنية عدد 06879952 متحصلة على شهادة الجامعية للتكنولوجيا في الاتصالات سنة2008 من المعهد العالي ل.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de ? ??? ??? ?????? ????? ????? ????? ???? ?? ?????? 25 ?????? 1986 ???????? ????? ????? ??????? ??????? ??? 06879952 ?????? ??? ????? ???????? ??????????? ?? ????????? ???2008 ?? ?????? ?????? ?.doc
[2008-12-28 19:08:47 | 00,120,417 | RHS- | C] () -- C:\x6rlc0.exe
[2008-12-28 18:58:09 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTMoveIt3.exe
[2008-12-28 18:58:09 | 00,342,717 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ToolBarSD.exe
[2008-12-28 18:58:08 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-12-28 18:56:01 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\reparlsa.reg
[2008-12-28 18:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Application Data\Malwarebytes
[2008-12-28 18:48:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008-12-28 18:48:32 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008-12-28 18:48:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008-12-28 18:48:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008-12-28 18:48:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008-12-28 15:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\cours.php_fichiers
[2008-12-28 15:16:35 | 00,040,089 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\cours.php.htm
[2008-12-28 15:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Irriga_ar_fichiers
[2008-12-28 15:03:30 | 00,048,233 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Irriga_ar.htm
[2008-12-28 14:53:47 | 00,091,693 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\بداية تاريخ الحضارة الإسلامية.. 'القيروان' منبر العلم والعلماء بالمغرب العربى.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ????? ??????? ?????????.. '????????' ???? ????? ???????? ??????? ??????.htm
[2008-12-28 14:53:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\بداية تاريخ الحضارة الإسلامية.. 'القيروان' منبر العلم والعلماء بالمغرب العربى_fichiers
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ????? ??????? ?????????.. '????????' ???? ????? ???????? ??????? ??????_fichiers
[2008-12-28 14:52:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\القروان_fichiers
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????_fichiers
[2008-12-28 14:52:13 | 00,031,725 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\القروان.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????.htm
[2008-12-28 09:53:15 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\mbam-setup.exe
[2008-12-28 01:20:51 | 00,002,983 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\avatar238675_6.gif.jpg
[2008-12-28 00:30:24 | 00,084,847 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n772762811_1661322_2334.jpg
[2008-12-28 00:30:14 | 00,024,595 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1606447492_28582_6526.jpg
[2008-12-28 00:30:04 | 00,054,545 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n868710034_4677359_3239.jpg
[2008-12-26 20:37:18 | 00,066,048 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Constitution_Tunisia.doc
[2008-12-26 12:40:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\وزارة التربية و التكوين.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ??????? ? ???????.doc
[2008-12-26 12:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\tunisiasat
[2008-12-25 21:37:32 | 00,471,833 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Star sghar.3gp
[2008-12-25 21:22:38 | 00,137,682 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\s4Z93788.gif
[2008-12-25 21:22:00 | 00,072,341 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\81881249[2].jpg
[2008-12-25 21:16:08 | 00,046,353 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\0025mf7.gif
[2008-12-24 21:35:13 | 00,203,806 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Photo029.jpg
[2008-12-24 21:15:54 | 00,032,396 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ffff.JPG
[2008-12-24 18:16:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Command and Conquer Generals Zero Hour Data
[2008-12-24 18:12:03 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals Zero Hour .lnk
[2008-12-24 18:04:28 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals.lnk
[2008-12-24 17:02:43 | 00,000,503 | RHS- | C] () -- C:\autorun.inf
[2008-12-24 16:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Nouveau dossier
[2008-12-24 15:25:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\etswaer et fichier
[2008-12-21 20:30:17 | 00,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008-12-21 20:30:01 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008-12-21 20:30:01 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008-12-21 20:30:01 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008-12-21 20:29:56 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008-12-21 20:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008-12-21 19:50:19 | 00,087,040 | RHS- | C] () -- C:\WINDOWS\System32\mmvo0.dll
[2008-12-21 19:50:18 | 00,120,417 | RHS- | C] () -- C:\WINDOWS\System32\mmvo.exe
[2008-12-21 12:35:50 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008-12-21 12:31:19 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2008-12-21 12:16:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008-12-20 18:56:41 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\HijackThis.lnk
[2008-12-20 18:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-12-20 12:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008-12-16 18:25:18 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008-12-16 18:10:35 | 00,000,146 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\KAV_RC.ini
[2008-12-16 18:10:33 | 00,505,344 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\KAV_Registry_Clean.exe
[2008-12-16 18:10:33 | 00,098,522 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Do_list.dat
[2008-12-15 14:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\TP OG P 4&5 (Raif El Hadj Ammar)textile3 chimie 1
[2008-12-13 18:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2008-12-13 08:26:50 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Nouveau Document Microsoft Office Word 97 - 2003.doc
[2008-12-10 20:28:28 | 00,000,000 | ---D | C] -- C:\meta
[2008-12-06 00:36:04 | 00,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Quake III Arena.lnk
[2008-12-06 00:35:26 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2008-12-06 00:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
[2008-12-06 00:31:12 | 00,000,897 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2008-12-05 22:56:34 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\TmNations.lnk
[2008-12-05 22:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\TrackMania Nations ESWC
[2008-12-05 22:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\trackmania
[2008-12-05 21:25:46 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Counter-Strike 1.6.lnk
[2008-12-05 21:22:13 | 00,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2008-12-05 19:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP5
[2008-12-05 19:26:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP4
[2008-12-05 19:26:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP3
[2008-12-04 21:59:41 | 00,000,068 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\listen.pls
[2008-12-03 19:47:38 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1dc299.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de و بعد اني الممضي اسفله فاطمة الحاج عمار من مواليد 25 جويلية 1986 بالنستير صاحبة بطاقة التعريف الوطنية عدد 06879952 متحصلة على شهادة الجامعية للتكنولوجيا في الاتصالات سنة2008 من المعهد العالي ل.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de ? ??? ??? ?????? ????? ????? ????? ???? ?? ?????? 25 ?????? 1986 ???????? ????? ????? ??????? ??????? ??? 06879952 ?????? ??? ????? ???????? ??????????? ?? ????????? ???2008 ?? ?????? ?????? ?.doc
[2008-12-28 19:22:57 | 00,000,503 | RHS- | M] () -- C:\autorun.inf
[2008-12-28 19:08:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-12-28 19:08:35 | 00,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2008-12-28 19:08:20 | 00,087,040 | RHS- | M] () -- C:\WINDOWS\System32\mmvo0.dll
[2008-12-28 19:07:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-12-28 19:07:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-12-28 19:06:37 | 12,885,088 | -H-- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\IconCache.db
[2008-12-28 18:56:01 | 00,000,131 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\reparlsa.reg
[2008-12-28 18:48:32 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008-12-28 18:42:32 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Mes dossiers de partage.lnk
[2008-12-28 15:56:28 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-28 15:16:40 | 00,040,089 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\cours.php.htm
[2008-12-28 15:03:31 | 00,048,233 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Irriga_ar.htm
[2008-12-28 14:53:56 | 00,091,693 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\بداية تاريخ الحضارة الإسلامية.. 'القيروان' منبر العلم والعلماء بالمغرب العربى.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ????? ??????? ?????????.. '????????' ???? ????? ???????? ??????? ??????.htm
[2008-12-28 14:52:50 | 00,031,725 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\القروان.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????.htm
[2008-12-28 09:52:28 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\mbam-setup.exe
[2008-12-28 01:22:58 | 00,281,600 | -HS- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Thumbs.db
[2008-12-28 01:20:52 | 00,002,983 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\avatar238675_6.gif.jpg
[2008-12-28 00:30:25 | 00,084,847 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n772762811_1661322_2334.jpg
[2008-12-28 00:30:15 | 00,024,595 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1606447492_28582_6526.jpg
[2008-12-28 00:30:05 | 00,054,545 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n868710034_4677359_3239.jpg
[2008-12-26 20:37:20 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Constitution_Tunisia.doc
[2008-12-26 17:16:52 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2008-12-26 12:40:33 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\وزارة التربية و التكوين.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ??????? ? ???????.doc
[2008-12-25 21:22:39 | 00,137,682 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\s4Z93788.gif
[2008-12-25 21:22:00 | 00,072,341 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\81881249[2].jpg
[2008-12-25 21:16:09 | 00,046,353 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\0025mf7.gif
[2008-12-25 10:59:17 | 00,090,856 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-12-25 10:57:38 | 00,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-12-24 21:35:15 | 00,203,806 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Photo029.jpg
[2008-12-24 21:15:54 | 00,032,396 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ffff.JPG
[2008-12-24 18:16:13 | 00,000,984 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2008-12-24 18:12:03 | 00,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals Zero Hour .lnk
[2008-12-24 18:04:28 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals.lnk
[2008-12-21 20:30:17 | 00,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008-12-21 12:17:58 | 00,120,417 | RHS- | M] () -- C:\x6rlc0.exe
[2008-12-21 12:17:58 | 00,120,417 | RHS- | M] () -- C:\WINDOWS\System32\mmvo.exe
[2008-12-21 12:09:33 | 00,342,717 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ToolBarSD.exe
[2008-12-21 12:02:02 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTMoveIt3.exe
[2008-12-21 11:59:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-12-20 18:56:41 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\HijackThis.lnk
[2008-12-20 12:28:24 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008-12-19 21:23:36 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-18 21:34:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-15 14:55:27 | 00,000,085 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008-12-13 08:37:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008-12-13 08:37:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008-12-13 08:29:12 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Nouveau Document Microsoft Office Word 97 - 2003.doc
[2008-12-12 18:02:12 | 03,088,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 18:02:12 | 03,088,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008-12-06 00:36:04 | 00,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Quake III Arena.lnk
[2008-12-06 00:35:26 | 00,000,897 | ---- | M] () -- C:\WINDOWS\Qiii.INI
[2008-12-05 22:56:34 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\TmNations.lnk
[2008-12-05 21:25:46 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Counter-Strike 1.6.lnk
[2008-12-04 21:59:41 | 00,000,068 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\listen.pls
[2008-12-03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008-12-03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008-12-03 19:47:42 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1dc299.doc
[2008-12-02 20:55:20 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2008-11-29 18:48:44 | 00,471,833 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Star sghar.3gp

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
<End>
Those are all the reports, and thanks in advance.
fatma

Posts: 20
Joined: 08 Mar 2008, 18:26

Post by nickW » 29 Dec 2008, 01:44

Good evening,

Next steps:

Given the length of the procedure, I advise you to print it, or to select all of its lines and copy the selection into a text file on your PC (Note: you will not have Internet access, and reboots are possible).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting the disinfection.



Note: These steps must be performed while logged on with administrator rights (do not use the user profile named "Administrateur" that is visible in Safe Mode).


Step 1: OTMoveIt3 (by OldTimer)

Open a Notepad window: go to Start > Run (Démarrer > Exécuter), type notepad, then click OK.
Select all the lines in the white area under "Code:" below, then press Ctrl and C at the same time.

Code: Select all
rien
:Processes
explorer.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=-
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"=-
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
"{8B79EE88-E62D-4AA8-B530-CC357BA112B7}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mmva"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222dd-e3b9-11dc-a8bc-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158e74e5-8791-11dc-bc28-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64688937-2640-11dd-a1be-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da753626-3f40-11dc-bb9a-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0d0cd-e45e-11dc-a8bf-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}]

:Files
C:\Program Files\MyWebSearch
C:\WINDOWS\system32\PAKRstwa.ini
C:\WINDOWS\system32\PAKRstwa.ini2
C:\WINDOWS\system32\SsCbHRqr.ini
C:\WINDOWS\system32\SsCbHRqr.ini2
C:\WINDOWS\system32\mmvo.exe
C:\autorun.inf
C:\x6rlc0.exe
C:\WINDOWS\System32\mmvo.exe
C:\WINDOWS\System32\mmvo0.dll
c:\boot.exe

:Commands
[start explorer]
[emptytemp]



Go back to the Notepad window, right-click inside it and choose Paste (Coller).
In the Format menu (at the top), check that "Word Wrap" ("Retour automatique à la ligne") is not enabled (not ticked).
Save the file under the name OTMI-3.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 2: Disabling resident security programs
Disable the resident protection programs (antivirus).
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "AntiVir Guard enable".


Step 3: OTMoveIt3 (by OldTimer)
Double-click OTMoveIt3.exe to launch the tool.
Open the file OTMI-3.txt in Notepad.
In Notepad, click the Edit (Edition) menu at the top and choose Select All (Sélectionner tout).
In Notepad, click the Edit (Edition) menu at the top and choose Copy (Copier).

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved" and choose Paste (Coller).

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A reboot is sometimes necessary. If one is requested, click Oui/Yes.


Step 4: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings (Paramètres) tab, check that every box is ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)" (create a right-click context menu option to scan files).
In the Update (Mise à jour) tab, click the "Recherche de mise à jour" (check for updates) button and install all the updates found.
In the Scanner (Recherche) tab, select the radio button in front of "Exécuter un examen rapide" (perform quick scan), then click the "Rechercher" (scan) button.
Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" (show results) button.

If malicious items were detected, click the "Supprimer la sélection" (remove selected) button.
Wait patiently, without doing anything else, for the cleaning to finish.
A reboot is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Quitter" (exit) button to close Malwarebytes' Anti-Malware.


Step 5: Re-enabling resident security programs
Re-enable the resident protection programs (antivirus).


Step 6: OTListIt2 (by OldTimer)
Close all open program windows.

Double-click OTListIt2.exe to launch the tool.

The main OTListIt2 screen appears.

Tick the box in front of Scan All Users (at the top).

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTListIt2 window.


Step 7: Results
Post in reply:
*- the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log, where the *** are digits representing the date [monthdayyear] and the time)
[Drive stands for the partition from which OTMoveIt3 was run, usually C:]
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then post in reply, in a separate message (because of the length of the log):
*- the main OTListIt2 report (contents of the file OTListIt2.txt located on the Desktop).
The report posted to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button
to continue in this thread.


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message).
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
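
Added example (not part of the original thread, and not nickW's or OldTimer's code): a Python triage script that reads an OTListIt2 report in the format posted above, extracts the programs launched by the listed autorun.inf, and flags MountPoints2 command entries that name one of those programs, give a bare file name without a path, or use a double extension. The sample is an excerpt of the report from this thread with the autorun.inf junk comments shortened to ";junk"; the function names and the three heuristics are assumptions chosen for illustration, not the rules used to build the fix script above.

```python
import re

# Excerpt of the OTListIt2 report posted in this thread; the long junk
# comments of autorun.inf are shortened to ";junk" (constructed shortening).
SAMPLE_REPORT = r"""
========== Autorun Files on Drives ==========

autorun.inf [;pe | [AutoRun] | ;junk | open=x6rlc0.exe | ;junk | shell\open\Command=x6rlc0.exe | ;junk | shell\open\Default=1 | ;junk | shell\explore\Command=x6rlc0.exe | ;junk | ]
[2008-12-28 19:20:02 | 00,000,503 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222dd-e3b9-11dc-a8bc-001636fdb91d}\Shell\Auto\command]
"" = sal.xls.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158e74e5-8791-11dc-bc28-001636fdb91d}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64688937-2640-11dd-a1be-001636fdb91d}\Shell\AutoRun\command]
"" = E:\x6rlc0.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{883758ce-e21c-11dc-a8b2-001636fdb91d}\Shell\AutoRun\command]
"" = F:\setupSNK.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}\Shell\Auto\command]
"" = boot.exe
"""

# Matches ...\MountPoints2\{volume GUID}\Shell\<verb>\command keys only.
KEY_RE = re.compile(
    r"^\[HKEY_[^\]]*\\MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\([^\\\]]+)\\command\]$",
    re.I,
)
DOUBLE_EXT_RE = re.compile(r"\.(xls|doc|pdf|jpg|txt)\.exe$")


def exe_name(command):
    """Lower-cased file name of the program a command line starts."""
    path = command.split(" -- ")[0].strip().strip('"')
    parts = path.rsplit("\\", 1)[-1].split()
    return parts[0].lower() if parts else ""


def autorun_inf_targets(report):
    """Programs launched by the autorun.inf files that the report lists."""
    targets = set()
    for match in re.finditer(r"^autorun\.inf \[(.*)\]\s*$", report, re.M | re.I):
        for field in match.group(1).split(" | "):
            field = field.strip()
            # Skip empty fields, ';' comments (junk padding) and section headers.
            if not field or field[0] in ";[":
                continue
            key, sep, value = field.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.add(exe_name(value))
    return targets


def mountpoints2_commands(report):
    """Yield (volume GUID, shell verb, command) for each command key."""
    current = None
    for line in report.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            current = (match.group(1).lower(), match.group(2))
        elif line.startswith("["):
            current = None  # some other key: ignore its default value
        elif current and line.startswith('"" = '):
            yield current + (line[5:],)
            current = None


def flag_entries(report):
    """Map each suspicious volume GUID to the set of reasons it was flagged."""
    targets = autorun_inf_targets(report)
    findings = {}
    for guid, _verb, command in mountpoints2_commands(report):
        name = exe_name(command)
        reasons = set()
        if name in targets:
            reasons.add("target named in autorun.inf")
        if "\\" not in command.split(" -- ")[0]:
            reasons.add("bare file name without a path")
        if DOUBLE_EXT_RE.search(name):
            reasons.add("double extension")
        if reasons:
            findings.setdefault(guid, set()).update(reasons)
    return findings


if __name__ == "__main__":
    for guid, reasons in sorted(flag_entries(SAMPLE_REPORT).items()):
        print(guid, "->", ", ".join(sorted(reasons)))
```

Entries that are not flagged (here the LaunchU3.exe and setupSNK.exe commands) still need a human look; the heuristics only rank what to review first.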

Post by fatma » 29 Dec 2008, 09:35

Hello ;)

Starting with the OTMoveIt3 report:
Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{8B79EE88-E62D-4AA8-B530-CC357BA112B7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B79EE88-E62D-4AA8-B530-CC357BA112B7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mmva deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000000 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222dd-e3b9-11dc-a8bc-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158e74e5-8791-11dc-bc28-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64688937-2640-11dd-a1be-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da753626-3f40-11dc-bb9a-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0d0cd-e45e-11dc-a8bf-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\\ not found.
========== FILES ==========
C:\Program Files\MyWebSearch\SrchAstt\1.bin moved successfully.
C:\Program Files\MyWebSearch\SrchAstt moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin moved successfully.
C:\Program Files\MyWebSearch\bar moved successfully.
C:\Program Files\MyWebSearch moved successfully.
File/Folder C:\WINDOWS\system32\PAKRstwa.ini not found.
File/Folder C:\WINDOWS\system32\PAKRstwa.ini2 not found.
File/Folder C:\WINDOWS\system32\SsCbHRqr.ini not found.
File/Folder C:\WINDOWS\system32\SsCbHRqr.ini2 not found.
C:\WINDOWS\system32\mmvo.exe moved successfully.
C:\autorun.inf moved successfully.
C:\x6rlc0.exe moved successfully.
File/Folder C:\WINDOWS\System32\mmvo.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mmvo0.dll
C:\WINDOWS\System32\mmvo0.dll NOT unregistered.
C:\WINDOWS\System32\mmvo0.dll moved successfully.
File/Folder c:\boot.exe not found.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\DOCUME~1\FATMAH~1\LOCALS~1\Temp\~DFD54.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_091533

Files moved on Reboot...
C:\DOCUME~1\FATMAH~1\LOCALS~1\Temp\~DFD54.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
to be continued;
fatma
 
Posts: 20
Joined: 08 Mar 2008, 18:26

Post by fatma » 29 Dec 2008, 09:38

then the Malwarebytes log:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1565
Windows 5.1.2600 Service Pack 3

29-12-2008 9:24:55
mbam-log-2008-12-29 (09-24-55).txt

Type de recherche: Examen rapide
Eléments examinés: 56298
Temps écoulé: 4 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\ossgjds.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3ad8e867.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3ad8e867.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
to be continued;
fatma
 
Posts: 20
Joined: 08 Mar 2008, 18:26

Post by fatma » 29 Dec 2008, 09:39

the main OTListIt2 report:
OTListIt logfile created on: 29-12-2008 9:28:25 - Run 3
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Fatma Hadj Ammar\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C01 | Country: Tunisie | Language: ART | Date Format: dd-MM-yyyy

894.04 Mb Total Physical Memory | 448.29 Mb Available Physical Memory | 50.14% Memory free
1.80 Gb Paging File | 1.41 Gb Available in Paging File | 78.07% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 5.33 Gb Free Space | 7.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAHADJAMMAR
Current User Name: Fatma Hadj Ammar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008-10-15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005-12-11 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2006-03-16 12:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2008-04-14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006-08-01 10:57:00 | 01,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[2008-10-15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2006-05-19 11:13:00 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
[2005-08-03 15:09:12 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
[2007-07-11 15:09:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2008-06-28 12:28:01 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[2008-06-12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006-07-07 17:45:00 | 01,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
[2005-04-11 15:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[2008-04-11 06:58:58 | 02,577,840 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
[2005-09-09 10:01:09 | 09,818,112 | ---- | M] (Salaat Time - www.salaattime.com) -- C:\Program Files\Salaat Time\SalaatTime.exe
[2007-01-19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2005-01-17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2008-11-15 12:11:38 | 02,235,920 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
[2008-04-23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2004-08-28 00:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
[2004-08-28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2008-04-14 03:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008-04-14 03:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2005-08-03 15:08:58 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2007-02-19 15:53:52 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
[2008-10-18 18:38:02 | 00,347,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-12-21 11:59:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

========== (O23) Win32 Services (SafeList) ==========

[2008-10-15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008-10-15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005-01-17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2004-08-28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007-05-16 13:48:56 | 00,228,208 | ---- | M] () -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2006-03-18 07:36:00 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006-04-01 16:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2005-12-12 00:40:44 | 01,414,656 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007-02-27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008-05-20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008-10-30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005-06-10 21:42:00 | 00,005,504 | ---- | M] (Quanta Computer Corp) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup [On_Demand | Running])
[2008-04-13 19:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008-04-13 19:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008-04-13 19:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008-06-14 18:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008-04-13 19:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-06-28 17:25:24 | 04,304,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2005-06-02 03:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2003-01-29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2007-12-17 11:11:56 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2001-10-02 19:18:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-02-23 05:29:52 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006-01-12 15:21:18 | 00,031,872 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Running])
[2005-05-05 13:27:38 | 00,007,936 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr [On_Demand | Running])
[2008-04-13 19:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2006-02-27 07:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004-08-03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007-11-13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005-08-10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005-05-16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005-11-03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2008-01-11 13:52:18 | 10,398,208 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3 [On_Demand | Stopped])
[2007-11-08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008-01-23 22:25:30 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Stopped])
[2008-04-13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis [On_Demand | Stopped])
[2001-10-02 19:19:36 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKU\S-1-5-21-1547161642-287218729-839522115-1003\S-1-5-21-1547161642-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-1547161642-287218729-839522115-1003\S-1-5-21-1547161642-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (246783 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 dle-news.ru
O1 - Hosts: 127.0.0.1 www.dle-news.ru
O1 - Hosts: 127.0.0.1 pc-soft.ru
O1 - Hosts: 127.0.0.1 www.pc-soft.ru
O1 - Hosts: 127.0.0.1 forum.pc-soft.ru
O1 - Hosts: 127.0.0.1 www.forum.pc-soft.ru
O1 - Hosts: 127.0.0.1 yandex.ru
O1 - Hosts: 127.0.0.1 www.yandex.ru
O1 - Hosts: 127.0.0.1 ya.ru
O1 - Hosts: 127.0.0.1 www.ya.ru
O1 - Hosts: 127.0.0.1 passport.yandex.ru
O1 - Hosts: 127.0.0.1 www.passport.yandex.ru
O1 - Hosts: 127.0.0.1 mail.yandex.ru
O1 - Hosts: 127.0.0.1 www.mail.yandex.ru
O1 - Hosts: 127.0.0.1 nulled.ws
O1 - Hosts: 127.0.0.1 www.nulled.ws
O1 - Hosts: 127.0.0.1 layer-ads.de
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 plati.ru
O1 - Hosts: 127.0.0.1 www.plati.ru
O1 - Hosts: 127.0.0.1 digiseller.ru
O1 - Hosts: 127.0.0.1 www.digiseller.ru
O1 - Hosts: 127.0.0.1 binural.ru
O1 - Hosts: 8569 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0



O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0



O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 38 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..Trusted Sites: 38 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Reg Error: Value does not exist or could not be read.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - skype4com - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler: - x-mem1 - C:\WINDOWS\system32\wowctl2.dll (EzTools Software)
O18 - Protocol\Handler: - x-mem3 - C:\WINDOWS\system32\eztoolslib2.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007-07-27 10:24:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{883758ce-e21c-11dc-a8b2-001636fdb91d}\Shell\AutoRun\command]
"" = F:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de و بعد اني الممضي اسفله فاطمة الحاج عمار من مواليد 25 جويلية 1986 بالنستير صاحبة بطاقة التعريف الوطنية عدد 06879952 متحصلة على شهادة الجامعية للتكنولوجيا في الاتصالات سنة2008 من المعهد العالي ل.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de ? ??? ??? ?????? ????? ????? ????? ???? ?? ?????? 25 ?????? 1986 ???????? ????? ????? ??????? ??????? ??? 06879952 ?????? ??? ????? ???????? ??????????? ?? ????????? ???2008 ?? ?????? ?????? ?.doc
[2008-12-29 09:08:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\~$tourner dans la fenêtre du Bloc.docx
[2008-12-29 09:08:16 | 00,094,793 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Retourner dans la fenêtre du Bloc.docx
[2008-12-29 09:05:27 | 00,309,253 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\viewtopic.php.htm
[2008-12-29 09:05:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\viewtopic.php_fichiers
[2008-12-28 21:23:08 | 08,993,747 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\GAZA.wmv
[2008-12-28 20:46:41 | 00,462,519 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Huwwara_Checkpoint_Palestine.jpg
[2008-12-28 20:44:03 | 00,231,420 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\966584151131020a3ccb43c3f2494d9a55a9fb6a.jpeg
[2008-12-28 20:43:04 | 00,138,595 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\flag.jpg
[2008-12-28 20:41:52 | 00,021,427 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_317287.jpg
[2008-12-28 20:41:20 | 00,028,347 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_442689.jpg
[2008-12-28 20:41:11 | 00,021,309 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1343805049.jpg
[2008-12-28 20:41:02 | 00,050,671 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\mage001.jpg
[2008-12-28 20:40:52 | 00,172,637 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\080508-PalestineSaffouri-03.jpg
[2008-12-28 20:40:42 | 00,022,512 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\gaza_18202a.jpg
[2008-12-28 20:39:34 | 00,016,378 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\721332414.jpg
[2008-12-28 20:38:34 | 00,018,373 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\jih PalestineFreeVoice July 27 2007 gaza Strip.jpg
[2008-12-28 20:37:20 | 00,130,241 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\49605908.20050919img_8246.jpg
[2008-12-28 20:21:49 | 00,190,303 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\532450061_0097929843.jpg
[2008-12-28 20:20:25 | 00,025,413 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\article_CPS.HOU48.131107111301.photo00.photo.default-512x360.jpg
[2008-12-28 20:20:19 | 00,036,069 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\080123.gaza.breaking.egypt.wall.demo.6.jpg
[2008-12-28 20:18:46 | 00,272,118 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\palestine.bmp
[2008-12-28 20:18:40 | 00,023,274 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\afp-photo-163798.jpg
[2008-12-28 20:18:31 | 00,363,374 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Infos_Gaza_-_351_-.pdf_-_Adobe_Reader.bmp
[2008-12-28 20:18:25 | 00,068,527 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\080604-almeghari-gaza.jpg
[2008-12-28 20:17:29 | 00,044,962 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\arton4369-436x299.jpg
[2008-12-28 20:16:10 | 00,008,252 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_386797.jpg
[2008-12-28 20:16:04 | 00,021,593 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_413386.jpg
[2008-12-28 20:12:24 | 00,056,202 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xbbb.jpg
[2008-12-28 20:11:16 | 00,012,175 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\607033625.jpg
[2008-12-28 20:09:26 | 00,051,877 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xbb.jpg
[2008-12-28 20:09:08 | 00,060,233 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xppk.jpg
[2008-12-28 20:08:53 | 00,055,768 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xpp.jpg
[2008-12-28 20:08:43 | 00,062,739 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xm.jpg
[2008-12-28 20:08:31 | 00,111,421 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xp.jpg
[2008-12-28 20:08:18 | 00,086,113 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xoo.jpg
[2008-12-28 20:08:05 | 00,049,894 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xnnnn.jpg
[2008-12-28 20:07:50 | 00,089,176 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xii.jpg
[2008-12-28 20:07:39 | 00,033,405 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xnnn.jpg
[2008-12-28 20:07:25 | 00,056,202 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xnn.jpg
[2008-12-28 20:07:13 | 00,069,208 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610x.jpg
[2008-12-28 20:06:24 | 00,064,922 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\16wn0.jpg
[2008-12-28 20:04:38 | 00,040,322 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1_880821_1_34.jpg
[2008-12-28 20:01:34 | 00,020,078 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\28644.jpg
[2008-12-28 20:01:22 | 00,017,932 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\تعاطفًا-مع-غزة.jpg
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????-??-???.jpg
[2008-12-28 20:00:44 | 00,029,741 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1_880863_1_34.jpg
[2008-12-28 20:00:20 | 00,026,979 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\gaza2008-2.jpg
[2008-12-28 19:54:37 | 00,015,096 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\4f570e5fb4at9.jpg
[2008-12-28 18:58:09 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTMoveIt3.exe
[2008-12-28 18:58:09 | 00,342,717 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ToolBarSD.exe
[2008-12-28 18:58:08 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-12-28 18:56:01 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\reparlsa.reg
[2008-12-28 18:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Application Data\Malwarebytes
[2008-12-28 18:48:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008-12-28 18:48:32 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008-12-28 18:48:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008-12-28 18:48:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008-12-28 18:48:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008-12-28 15:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\cours.php_fichiers
[2008-12-28 15:16:35 | 00,040,089 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\cours.php.htm
[2008-12-28 15:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Irriga_ar_fichiers
[2008-12-28 15:03:30 | 00,048,233 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Irriga_ar.htm
[2008-12-28 14:53:47 | 00,091,693 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\بداية تاريخ الحضارة الإسلامية.. 'القيروان' منبر العلم والعلماء بالمغرب العربى.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ????? ??????? ?????????.. '????????' ???? ????? ???????? ??????? ??????.htm
[2008-12-28 14:53:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\بداية تاريخ الحضارة الإسلامية.. 'القيروان' منبر العلم والعلماء بالمغرب العربى_fichiers
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ????? ??????? ?????????.. '????????' ???? ????? ???????? ??????? ??????_fichiers
[2008-12-28 14:52:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\القروان_fichiers
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????_fichiers
[2008-12-28 14:52:13 | 00,031,725 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\القروان.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????.htm
[2008-12-28 09:53:15 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\mbam-setup.exe
[2008-12-28 01:20:51 | 00,002,983 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\avatar238675_6.gif.jpg
[2008-12-28 00:30:24 | 00,084,847 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n772762811_1661322_2334.jpg
[2008-12-28 00:30:14 | 00,024,595 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1606447492_28582_6526.jpg
[2008-12-28 00:30:04 | 00,054,545 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n868710034_4677359_3239.jpg
[2008-12-26 20:37:18 | 00,066,048 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Constitution_Tunisia.doc
[2008-12-26 12:40:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\وزارة التربية و التكوين.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ??????? ? ???????.doc
[2008-12-26 12:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\tunisiasat
[2008-12-25 21:37:32 | 00,471,833 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Star sghar.3gp
[2008-12-25 21:22:38 | 00,137,682 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\s4Z93788.gif
[2008-12-25 21:22:00 | 00,072,341 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\81881249[2].jpg
[2008-12-25 21:16:08 | 00,046,353 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\0025mf7.gif
[2008-12-24 21:35:13 | 00,203,806 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Photo029.jpg
[2008-12-24 21:15:54 | 00,032,396 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ffff.JPG
[2008-12-24 18:16:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Command and Conquer Generals Zero Hour Data
[2008-12-24 18:12:03 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals Zero Hour .lnk
[2008-12-24 18:04:28 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals.lnk
[2008-12-24 16:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Nouveau dossier
[2008-12-24 15:25:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\etswaer et fichier
[2008-12-21 20:30:17 | 00,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008-12-21 20:30:01 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008-12-21 20:30:01 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008-12-21 20:30:01 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008-12-21 20:29:56 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008-12-21 20:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008-12-21 12:35:50 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008-12-21 12:31:19 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2008-12-21 12:16:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008-12-20 18:56:41 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\HijackThis.lnk
[2008-12-20 18:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-12-20 12:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008-12-16 18:25:18 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008-12-16 18:10:35 | 00,000,146 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\KAV_RC.ini
[2008-12-16 18:10:33 | 00,505,344 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\KAV_Registry_Clean.exe
[2008-12-16 18:10:33 | 00,098,522 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Do_list.dat
[2008-12-15 14:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\TP OG P 4&5 (Raif El Hadj Ammar)textile3 chimie 1
[2008-12-13 08:26:50 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Nouveau Document Microsoft Office Word 97 - 2003.doc
[2008-12-10 20:28:28 | 00,000,000 | ---D | C] -- C:\meta
[2008-12-06 00:36:04 | 00,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Quake III Arena.lnk
[2008-12-06 00:35:26 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2008-12-06 00:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
[2008-12-06 00:31:12 | 00,000,897 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2008-12-05 22:56:34 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\TmNations.lnk
[2008-12-05 22:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\TrackMania Nations ESWC
[2008-12-05 22:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\trackmania
[2008-12-05 21:25:46 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Counter-Strike 1.6.lnk
[2008-12-05 21:22:13 | 00,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2008-12-05 19:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP5
[2008-12-05 19:26:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP4
[2008-12-05 19:26:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP3
[2008-12-04 21:59:41 | 00,000,068 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\listen.pls
[2008-12-03 19:47:38 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1dc299.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de و بعد اني الممضي اسفله فاطمة الحاج عمار من مواليد 25 جويلية 1986 بالنستير صاحبة بطاقة التعريف الوطنية عدد 06879952 متحصلة على شهادة الجامعية للتكنولوجيا في الاتصالات سنة2008 من المعهد العالي ل.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de ? ??? ??? ?????? ????? ????? ????? ???? ?? ?????? 25 ?????? 1986 ???????? ????? ????? ??????? ??????? ??? 06879952 ?????? ??? ????? ???????? ??????????? ?? ????????? ???2008 ?? ?????? ?????? ?.doc
[2008-12-29 09:27:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-12-29 09:27:20 | 00,000,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2008-12-29 09:26:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-12-29 09:26:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-12-29 09:26:37 | 00,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-12-29 09:25:17 | 12,885,774 | -H-- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\IconCache.db
[2008-12-29 09:12:55 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-29 09:08:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\~$tourner dans la fenêtre du Bloc.docx
[2008-12-29 09:08:16 | 00,094,793 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Retourner dans la fenêtre du Bloc.docx
[2008-12-29 09:05:31 | 00,309,253 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\viewtopic.php.htm
[2008-12-29 08:52:31 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Mes dossiers de partage.lnk
[2008-12-28 21:29:54 | 08,993,747 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\GAZA.wmv
[2008-12-28 20:50:46 | 00,403,968 | -HS- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Thumbs.db
[2008-12-28 20:46:48 | 00,462,519 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Huwwara_Checkpoint_Palestine.jpg
[2008-12-28 20:44:04 | 00,231,420 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\966584151131020a3ccb43c3f2494d9a55a9fb6a.jpeg
[2008-12-28 20:43:05 | 00,138,595 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\flag.jpg
[2008-12-28 20:41:52 | 00,021,427 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_317287.jpg
[2008-12-28 20:41:20 | 00,028,347 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_442689.jpg
[2008-12-28 20:41:12 | 00,021,309 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1343805049.jpg
[2008-12-28 20:41:03 | 00,050,671 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\mage001.jpg
[2008-12-28 20:40:52 | 00,172,637 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\080508-PalestineSaffouri-03.jpg
[2008-12-28 20:40:43 | 00,022,512 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\gaza_18202a.jpg
[2008-12-28 20:39:35 | 00,016,378 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\721332414.jpg
[2008-12-28 20:38:35 | 00,018,373 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\jih PalestineFreeVoice July 27 2007 gaza Strip.jpg
[2008-12-28 20:37:21 | 00,130,241 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\49605908.20050919img_8246.jpg
[2008-12-28 20:21:49 | 00,190,303 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\532450061_0097929843.jpg
[2008-12-28 20:20:27 | 00,025,413 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\article_CPS.HOU48.131107111301.photo00.photo.default-512x360.jpg
[2008-12-28 20:20:20 | 00,036,069 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\080123.gaza.breaking.egypt.wall.demo.6.jpg
[2008-12-28 20:18:47 | 00,272,118 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\palestine.bmp
[2008-12-28 20:18:41 | 00,023,274 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\afp-photo-163798.jpg
[2008-12-28 20:18:32 | 00,363,374 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Infos_Gaza_-_351_-.pdf_-_Adobe_Reader.bmp
[2008-12-28 20:18:28 | 00,068,527 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\080604-almeghari-gaza.jpg
[2008-12-28 20:17:29 | 00,044,962 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\arton4369-436x299.jpg
[2008-12-28 20:16:11 | 00,008,252 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_386797.jpg
[2008-12-28 20:16:05 | 00,021,593 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\large_413386.jpg
[2008-12-28 20:12:25 | 00,056,202 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xbbb.jpg
[2008-12-28 20:11:17 | 00,012,175 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\607033625.jpg
[2008-12-28 20:09:27 | 00,051,877 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xbb.jpg
[2008-12-28 20:09:09 | 00,060,233 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xppk.jpg
[2008-12-28 20:08:54 | 00,055,768 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xpp.jpg
[2008-12-28 20:08:43 | 00,062,739 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xm.jpg
[2008-12-28 20:08:32 | 00,111,421 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xp.jpg
[2008-12-28 20:08:19 | 00,086,113 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xoo.jpg
[2008-12-28 20:08:06 | 00,049,894 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xnnnn.jpg
[2008-12-28 20:07:51 | 00,089,176 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xii.jpg
[2008-12-28 20:07:40 | 00,033,405 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xnnn.jpg
[2008-12-28 20:07:26 | 00,056,202 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610xnn.jpg
[2008-12-28 20:07:14 | 00,069,208 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\610x.jpg
[2008-12-28 20:06:25 | 00,064,922 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\16wn0.jpg
[2008-12-28 20:04:39 | 00,040,322 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1_880821_1_34.jpg
[2008-12-28 20:01:34 | 00,020,078 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\28644.jpg
[2008-12-28 20:01:23 | 00,017,932 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\تعاطفًا-مع-غزة.jpg
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????-??-???.jpg
[2008-12-28 20:00:45 | 00,029,741 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1_880863_1_34.jpg
[2008-12-28 20:00:20 | 00,026,979 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\gaza2008-2.jpg
[2008-12-28 19:54:38 | 00,015,096 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\4f570e5fb4at9.jpg
[2008-12-28 18:56:01 | 00,000,131 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\reparlsa.reg
[2008-12-28 18:48:32 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008-12-28 15:16:40 | 00,040,089 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\cours.php.htm
[2008-12-28 15:03:31 | 00,048,233 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Irriga_ar.htm
[2008-12-28 14:53:56 | 00,091,693 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\بداية تاريخ الحضارة الإسلامية.. 'القيروان' منبر العلم والعلماء بالمغرب العربى.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ????? ??????? ?????????.. '????????' ???? ????? ???????? ??????? ??????.htm
[2008-12-28 14:52:50 | 00,031,725 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\القروان.htm
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\???????.htm
[2008-12-28 09:52:28 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\mbam-setup.exe
[2008-12-28 01:20:52 | 00,002,983 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\avatar238675_6.gif.jpg
[2008-12-28 00:30:25 | 00,084,847 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n772762811_1661322_2334.jpg
[2008-12-28 00:30:15 | 00,024,595 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1606447492_28582_6526.jpg
[2008-12-28 00:30:05 | 00,054,545 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n868710034_4677359_3239.jpg
[2008-12-26 20:37:20 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Constitution_Tunisia.doc
[2008-12-26 17:16:52 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2008-12-26 12:40:33 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\وزارة التربية و التكوين.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ??????? ? ???????.doc
[2008-12-25 21:22:39 | 00,137,682 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\s4Z93788.gif
[2008-12-25 21:22:00 | 00,072,341 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\81881249[2].jpg
[2008-12-25 21:16:09 | 00,046,353 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\0025mf7.gif
[2008-12-25 10:59:17 | 00,090,856 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-12-24 21:35:15 | 00,203,806 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Photo029.jpg
[2008-12-24 21:15:54 | 00,032,396 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ffff.JPG
[2008-12-24 18:16:13 | 00,000,984 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2008-12-24 18:12:03 | 00,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals Zero Hour .lnk
[2008-12-24 18:04:28 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Command & Conquer Generals.lnk
[2008-12-21 20:30:17 | 00,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008-12-21 12:09:33 | 00,342,717 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ToolBarSD.exe
[2008-12-21 12:02:02 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTMoveIt3.exe
[2008-12-21 11:59:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-12-20 18:56:41 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\HijackThis.lnk
[2008-12-20 12:28:24 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008-12-19 21:23:36 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-18 21:34:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-15 14:55:27 | 00,000,085 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008-12-13 08:37:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008-12-13 08:37:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008-12-13 08:29:12 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Nouveau Document Microsoft Office Word 97 - 2003.doc
[2008-12-12 18:02:12 | 03,088,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 18:02:12 | 03,088,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008-12-06 00:36:04 | 00,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Quake III Arena.lnk
[2008-12-06 00:35:26 | 00,000,897 | ---- | M] () -- C:\WINDOWS\Qiii.INI
[2008-12-05 22:56:34 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\TmNations.lnk
[2008-12-05 21:25:46 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Counter-Strike 1.6.lnk
[2008-12-04 21:59:41 | 00,000,068 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\listen.pls
[2008-12-03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008-12-03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008-12-03 19:47:42 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1dc299.doc
[2008-12-02 20:55:20 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2008-11-29 18:48:44 | 00,471,833 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Star sghar.3gp

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserP
fatma
 
Posts: 20
Joined: 08 Mar 2008, 18:26

Post by nickW » 30 Dec 2008, 00:03

Good evening,

Can you tell me how the PC is behaving?

"I have a problem with my PC and I don't know exactly what it is: when I start it, it shuts down abruptly and shows an all-blue screen."

Is this still the case?


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by fatma » 30 Dec 2008, 14:31

Hi,
It has changed a lot now: it starts correctly, but when I try to access drive C and some folders (and not every time), it freezes and shuts down abruptly after showing a blue screen.
So, can a good antivirus solve the problem? I use AntiVir, but it does not update even though it was downloaded from the Internet recently (it tells me the file is damaged or deleted when I try to update).

Post by nickW » 30 Dec 2008, 14:56

Hello,

What is the exact message displayed on the blue screen?

To be continued,
nickW

Post by fatma » 30 Dec 2008, 19:19

I don't know exactly :(

Post by nickW » 31 Dec 2008, 00:21

Good evening,


In Windows Explorer, open the folder C:\Windows\Minidump

If it contains one or more recent files (less than 7 days old), you would need to:
*- put these files in an archive fatma-081230.zip

then upload this archive to an external server so that I can retrieve it.
Method:
*- Go to: http://www.yousendit.com/
(JavaScript must be enabled)
*- In the To and From fields, enter anything with an @ in it (examples: abc@def.com and abcdef@def.com) and uncheck the box in front of "Remember my email"
*- Under Select a file, click the "Parcourir..." (Browse) button, go to the file fatma-081230.zip and double-click it to select it
*- Click the green "Send It" button
*- A new page will be displayed, in which you will find a link (under "Here is the link for the file you uploaded:")
Send this link in your reply.


To be continued,
nickW
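The collection step described in the post above, as an added example that is not part of the original thread: it selects the dumps less than 7 days old, zips them, and goes one step further by reading the stop code from each dump header, which is the "exact message" asked for earlier. The function names are hypothetical, and the header layout (signature `PAGEDUMP`, `BugCheckCode` at offset 0x28) is an assumption that applies to 32-bit kernel dumps such as those of the Windows XP system in the log.

```python
import os, struct, time, zipfile

# Assumed layout: 32-bit kernel dump header as written by Windows XP x86.
SIGNATURE = b"PAGEDUMP"      # "PAGE" + "DUMP" at offset 0 (64-bit uses "PAGEDU64")
BUGCHECK_OFFSET = 0x28       # BugCheckCode, then four 32-bit parameters
STOP_NAMES = {               # short excerpt of documented stop codes
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x24: "NTFS_FILE_SYSTEM",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

def read_bugcheck(path):
    """Return (code, [p1, p2, p3, p4]), or None if not a 32-bit kernel dump."""
    with open(path, "rb") as f:
        header = f.read(BUGCHECK_OFFSET + 20)
    if len(header) < BUGCHECK_OFFSET + 20 or header[:8] != SIGNATURE:
        return None
    code, *params = struct.unpack_from("<5I", header, BUGCHECK_OFFSET)
    return code, params

def recent_dumps(folder, max_age_days=7, now=None):
    """Paths of *.dmp files in folder modified within the last max_age_days."""
    cutoff = (time.time() if now is None else now) - max_age_days * 86400
    paths = [os.path.join(folder, n) for n in sorted(os.listdir(folder))
             if n.lower().endswith(".dmp")]
    return [p for p in paths if os.path.getmtime(p) >= cutoff]

def collect(folder, archive, max_age_days=7, now=None):
    """Zip the recent dumps; return {file name: stop-code summary}."""
    summary = {}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as z:
        for path in recent_dumps(folder, max_age_days, now):
            name = os.path.basename(path)
            z.write(path, name)
            bug = read_bugcheck(path)
            if bug is None:
                summary[name] = "not a 32-bit kernel dump"
                continue
            code, params = bug
            args = ", ".join(f"0x{p:08X}" for p in params)
            label = STOP_NAMES.get(code, "unknown stop code")
            summary[name] = f"STOP 0x{code:08X} ({args}) {label}"
    return summary

if __name__ == "__main__":
    # Folder and archive name are the ones given in the post above.
    for name, line in collect(r"C:\Windows\Minidump", "fatma-081230.zip").items():
        print(name, line)
```

The stop code only identifies the crash type; naming the faulting driver still requires opening the dump in a debugger.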
