Se connecter / S'enregistrer
Votre question

est ce que quelqu'un peu m'aider svp

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Août 2008 14:25:38

Bonjour,
J'espère que quelqu'un pourra m'aider. Un fenêtre bleue s'est affichée sur mon pc, avec une alete windows qui me dit qu'il a detéctée de logitiel espion sur mon PC , il a lancée spyware-secure qui a trouvé des cookies et un rootkit : rootkit/adware.Win32.

J'y connais pas grand chose, donc je veux rien faire sans étre deriger par quelqu'un.

comme antivirus j'ai DR web, j vien de l'instaler donc je sais pas si il marche trés bien.

merci pour votre aide

Autres pages sur : aider svp

12 Août 2008 14:37:55

Bonjour,

Je vais m'occuper de toi. Merci de prendre en compte que je suis bénévole, que j'ai une vie privée et que j'aide plusieurs internautes à la fois, donc merci d'être patient. Cependant, je ne lâche jamais un internaute tant que son PC n'est pas propre ;) 

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

  • Double clique sur HJTInstall.exe pour lancer l'installation.
  • Clique sur Install.
  • Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
  • Accepte la licence en cliquant sur Yes.
  • Clique sur "Do a system scan and save a logfile".
  • Poste ici[ le rapport généré.

    Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Aide : Comment utiliser HijackThis.

    ;) 
    12 Août 2008 14:50:57

    re slt! merci de me reservé un peu de votre tps je sais que vous étes occupé donc je serai tré patiente

    voila le rapor de hijackthis



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:48:31, on 12/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DrWeb\spiderml.exe
    C:\Program Files\DrWeb\DRWEBSCD.EXE
    C:\PROGRA~1\DrWeb\spiderui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\PROGRA~1\DrWeb\spidernt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\documents and settings\r\local settings\application data\iuame.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\E.M. Youtube Video Download Tool\E.M. Youtube Video Download Tool.exe
    C:\Program Files\E.M. Youtube Video Download Tool\E.M. Youtube Video Download Tool.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [iuame] "c:\documents and settings\r\local settings\application data\iuame.exe" iuame
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EA3207-3AD7-4B94-AF49-2FD6666C9462}: NameServer = 208.67.222.222 208.67.220.220
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe

    --
    End of file - 5034 bytes
    Contenus similaires
    13 Août 2008 00:36:15

    Re,

    Télécharge Navilog (de Il-Mafioso)

    Enregistre-le sur ton Bureau.
    Installe-le en double cliquant sur navilog.exe.
    Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
    (Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

    Une fois l'installation terminée, fais un clic droit sur le raccourci navilog1 puis choisis "Exécuter en tant qu'administrateur". ( Pour Vista)

    Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
    ! N'utilise pas l'option 2,3 et 4 sans notre accord !
    Patiente jusqu'à l'apparition de ce message :
    "*** Analyse Termine le ..... ***"
    Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.

    Le rapport se trouve ici :C:\fixnavi.txt

    ;) 
    13 Août 2008 02:56:46

    bonsoir,
    voici le raport


    Search Navipromo version 3.6.3 commencé le 13/08/2008 à 2:42:46,10

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "r"

    Mise à jour le 09.08.2008 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    Favorit
    MessengerSkinner

    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\r\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\r\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\r\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\r\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\r\locals~1\applic~1" :

    iuame.dat trouvé !
    iuame.exe trouvé !
    iuame_nav.dat trouvé !
    iuame_navps.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 13/08/2008 à 2:47:24,51 ***
    13 Août 2008 12:34:22

    Re,

    Double clique sur le raccourci de navilog1.
    Option 2 puis valide. (entrée)
    Laisse toi guider.
    Ton ordinateur va redémarrer, sinon fais le manuellement.

    Ton bureau va disparaître.

    Patiente jusqu'à l'apparition de ce message :
    "*** Nettoyage Termine le ..... ***"

    Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport.
    Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

    Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
    Tapes explorer et valide. Cela te fera apparaitre ton bureau


    Démarrer -> panneau de configuration -> options internet
    Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

    Montorgueil ; VIP

    ~~> Supprime-les si présents ! (pas les autres) <~~

    Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
    Ainsi qu'un nouveau rapport Hijackthis.

    +++++++++++

    Les programmes suivants installent cette infection :

    * Go-astro
    * GoRecord
    * HotTVPlayer
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * sudoplanet
    * Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
    * Sur le site www.games-desktop.com (Ne pas aller dessus!)

    ;) 
    14 Août 2008 14:20:49

    re,
    voici le rapport cleannavi

    Clean Navipromo version 3.6.3 commencé le 14/08/2008 à 14:03:14,25

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "r"

    Mise à jour le 09.08.2008 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\r\locals~1\applic~1" *



    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\r\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\r\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\r\menudm~1\progra~1" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\r\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\r\locals~1\applic~1" *


    iuame.exe trouvé !
    Copie iuame.exe réalisée avec succès !
    iuame.exe supprimé !

    iuame.dat trouvé !
    Copie iuame.dat réalisée avec succès !
    iuame.dat supprimé !

    iuame_nav.dat trouvé !
    Copie iuame_nav.dat réalisée avec succès !
    iuame_nav.dat supprimé !

    iuame_navps.dat trouvé !
    Copie iuame_navps.dat réalisée avec succès !
    iuame_navps.dat supprimé !

    C:\WINDOWS\prefetch\iuame*.pf trouvé !
    Copie C:\WINDOWS\prefetch\iuame*.pf réalisée avec succès !
    C:\WINDOWS\prefetch\iuame*.pf supprimé !


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 14/08/2008 à 14:06:55,21 ***

    et le rapport hijackhis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15:13, on 14/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\DrWeb\spidernt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DrWeb\spiderml.exe
    C:\Program Files\DrWeb\DRWEBSCD.EXE
    C:\PROGRA~1\DrWeb\spiderui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EA3207-3AD7-4B94-AF49-2FD6666C9462}: NameServer = 208.67.222.222 208.67.220.220
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe

    --
    End of file - 4681 bytes
    15 Août 2008 01:13:24

    Re,

    On va faire un petit scan pour vérifier que tout est propre. ;) 

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    ;) 
    16 Août 2008 12:52:51

    re,
    voila j'ai effectué le scan j'ai trouvé une infection que j'ai supprimé et voici le rapport





    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1053
    Windows 5.1.2600 Service Pack 2

    12:12:46 16/08/2008
    mbam-log-8-16-2008 (12-12-42).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 69009
    Temps écoulé: 1 hour(s), 13 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    D:\mes image\abdel\logiciel\abdel\READ ME\SSF7KG\Keygen.exe (Trojan.Downloader) -> No action taken.

    16 Août 2008 19:01:00

    :hello:  Bonjour,

    Bien :super:

    Poste un nouveau rapport HijackThis qu'on fasse le point.

    Comment va le PC ? Toujours des problèmes ?

    ;) 
    17 Août 2008 00:45:50

    bonsoir, je voudrai vous remrci pour votre aide c'est tré généreu de votre part de vous occupé de tt ce petit monde!!!
    sinon pour mon PC je suis débarrassé dé annonce d'antispawer mais il est tjr lent
    bon voici le rapport

    et encors merci

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:42:32, on 17/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\DrWeb\spidernt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DrWeb\spiderml.exe
    C:\Program Files\DrWeb\DRWEBSCD.EXE
    C:\PROGRA~1\DrWeb\spiderui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\r\Application Data\Dealio\kb127\res\DealioSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EA3207-3AD7-4B94-AF49-2FD6666C9462}: NameServer = 208.67.222.222 208.67.220.220
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe

    --
    End of file - 5229 bytes
    17 Août 2008 22:59:43

    Re,

    On continue le nettoyage, en effet il reste encore des infections que l'on va nettoyer :) 

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

  • Lance l'installation du programme en exécutant le fichier téléchargé.
  • Double-clique maintenant sur le raccourci de Toolbar-S&D.
  • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  • Poste le rapport généré. (C:\TB.txt)

    ;) 
    19 Août 2008 18:10:31

    re :hello: 

    voici le nouveau rapport




    -----------\\ ToolBar S&D 1.1.0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.53GHz )
    Default System BIOS
    BOOT : Normal boot

    "C:\ToolBar SD" ( MAJ : 19-08-2008|15:08 )
    Option : [1] ( 20/08/2008|17:00 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\r\APPLIC~1\Dealio
    C:\DOCUME~1\r\APPLIC~1\Dealio\kb127
    C:\Program Files\Dealio
    C:\Program Files\Dealio\DealioAU.exe
    C:\Program Files\Dealio\kb127
    C:\Program Files\Dealio\SearchSettingsKit.exe
    C:\WINDOWS\Prefetch\DEALIO DESKBAR.EXE-0CAD5C64.pf
    C:\WINDOWS\Prefetch\DEALIO.EXE-2B188485.pf
    C:\WINDOWS\Prefetch\DEALIOAU.EXE-32C4A05D.pf
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    C:\WINDOWS\Prefetch\SEARCHSETTINGSKIT.EXE-2CF0B947.pf
    C:\DOCUME~1\r\APPLIC~1\Search Settings
    C:\DOCUME~1\r\APPLIC~1\Search Settings\kb127
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\WINDOWS\Prefetch\DEALIO.EXE-2B188485.pf
    C:\Program Files\MSN Messenger\msimg32.dll

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="about:blank"
    "Search Page"="http://www.google.com"
    "Search Bar"="http://www.google.com/ie"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    "Default_Search_URL"="http://www.google.com/ie"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    -----------\\ Fin du rapport a 17:02:18,68

    :) 
    19 Août 2008 21:22:39

    Re,

    Relance Toolbar-S&D en double-cliquant sur le raccourci.

  • Choisis cette fois l'option 2 puis valide en appuyant sur Entrée.
    ! Ne ferme pas la fenêtre lors de la suppression ! [/#f]
  • Un rapport sera généré, poste son contenu ici, puis un nouveau rapport HijackThis.

    [#008040]Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
    Tapes explorer et valide. Cela te fera apparaitre ton bureau


  • ;) 
    20 Août 2008 13:54:19

    reslt :hello: 

    voila le rapport de Toolbar-S&D


    -----------\\ ToolBar S&D 1.1.0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.53GHz )
    Default System BIOS
    BOOT : Normal boot

    "C:\ToolBar SD" ( MAJ : 19-08-2008|15:08 )
    Option : [2] ( 21/08/2008| 2:57 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\r\APPLIC~1\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Echec ! - C:\Program Files\MSN Messenger\msimg32.dll
    Supprime! - C:\DOCUME~1\r\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ DEUXIEME PASSAGE

    Echec ! - C:\Program Files\MSN Messenger\msimg32.dll

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\MSN Messenger\msimg32.dll

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="about:blank"
    "Search Page"="http://www.google.com"
    "Search Bar"="http://www.google.com/ie"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
    "Default_Search_URL"="http://www.google.com/ie"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    -----------\\ Fin du rapport a 2:59:31,71



    et celui de HijackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:02:59, on 21/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DrWeb\DRWEBSCD.EXE
    C:\Program Files\DrWeb\spiderml.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EA3207-3AD7-4B94-AF49-2FD6666C9462}: NameServer = 208.67.222.222 208.67.220.220
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 3883 bytes

    merci encors :wahoo: 


    20 Août 2008 19:33:51

    Re,

    Tu as un antivirus ?

    Télécharger OTMoveIt2 par OldTimer.

  • Enregistrer ce fichier sur le Bureau.
  • Faire un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  • Copier les lignes de la zone "Code" ci-dessous en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
    [kill explorer]
    C:\Program Files\MSN Messenger\msimg32.dll
    purity
    emptytemp
    [start explorer]

    N.B : Le bureeau va disparaître, c'est normal !
  • Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste Standard List of Files/Folders to Move" (sous la barre jaune clair) puis choisir Coller.
  • Cliquer sur le bouton rouge Moveit!.
  • Copier tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.
  • Fermer OTMoveIt2

    Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.

    Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

    ;) 
    20 Août 2008 22:10:24

    re,
    j'ai essayé de faire se que vous m'avez demander mais a caque foi que je clique sur la touche Moveit tout bloque :fou:  et la fenetre le programme ne repond pas aparait.
    mais j'ai pue lire sur la zone des resultat [kill explorer] .

    20 Août 2008 22:14:50

    j'ai oublier de vous dire que efectivement j'ai un antivirus c'est DR.web
    21 Août 2008 00:41:21

    Re,

    Fais redémarrer ton ordinateur en mode sans échec
    - Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
    -- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
    --- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
    ---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.

    Supprime le fichier ci-dessous en gras : ( clic droit, supprimer )

    C:\Program Files\MSN Messenger\msimg32.dll

    Redémarre en mode normal et poste un nouveau rapport HijackThis.

    ;) 
    21 Août 2008 23:57:03

    :hello: 
    re,
    voici le nouveau rapport hijakthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:21:25, on 22/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EA3207-3AD7-4B94-AF49-2FD6666C9462}: NameServer = 208.67.222.222 208.67.220.220
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 3641 bytes
    22 Août 2008 12:23:12

    Re,

    Tu as un antivirus ?

    ;) 
    22 Août 2008 12:29:08

    re,
    oui j'ai un antivirus c'estdr.wab mais je pense qu'il ne marche pas trés bien

    vous me conseilerez lequel????
    22 Août 2008 12:31:24

    Re,

    Ok alors :

    Désinstalle via Ajout/Suppression de Programmes (si présents) :
  • Dr.Web

    Télécharge Ccleaner sur ton Bureau.

  • Clique sur "download the latest version"
  • Installe-le en laissant seulement les options suivantes cochées :
    - Ajouter un raccourci sur le Bureau
    - Contrôler automatiquement les mises à jour de CCleaner
  • Lance le Nettoyage
  • Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

    Aide : Comment utiliser CCleaner.

    ***************

    Télécharge AntiVir sur ton Bureau.

  • Double clique sur l'exécutable téléchargé pour lancer l'installation.
  • A la fin de l'installation, clique sur Finish.
  • Ouvre Antivir, assure-toi qu'il soit bien à jour !
  • Dans l'onglet Local Protection, choisis Scanner.
  • Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
  • Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
  • Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

    Note : Pour une éradication des menaces plus efficaces, lance le scan en mode sans échec.

    Aide : Comment installer et utiliser AntiVir.

    ;) 
    23 Août 2008 13:36:24

    re;

    voici le rapport d'antivir



    Avira AntiVir Personal
    Report file date: samedi 23 août 2008 21:33

    Scanning for 1567803 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: r
    Computer name: H-37B8E0089C404

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 13:45:57
    ANTIVIR3.VDF : 7.0.6.57 233984 Bytes 22/08/2008 13:46:14
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 23/08/2008 13:47:14
    AESCN.DLL : 8.1.0.23 119156 Bytes 23/08/2008 13:47:08
    AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
    AEPACK.DLL : 8.1.2.1 364917 Bytes 23/08/2008 13:47:04
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 23/08/2008 13:46:57
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 23/08/2008 13:46:53
    AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
    AEGEN.DLL : 8.1.0.36 315764 Bytes 23/08/2008 13:46:31
    AEEMU.DLL : 8.1.0.7 430452 Bytes 23/08/2008 13:46:25
    AECORE.DLL : 8.1.1.8 172406 Bytes 23/08/2008 13:46:20
    AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 23/08/2008 13:46:16
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: A:, C:, D:, E:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 23 août 2008 21:33

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <poste de travail>
    D:\mes image\abdel\logiciel\le CD parfe par moi\utilit..2006\FSCommand\shop.brush.exe
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    D:\mes image\abdel\logiciel\utiliter\mobile\Oxygen Phone Manager II 2.3.1\Oxygen Phone Manager II 2.3.1\IMEI Patch\IMEI Patch.exe
    [DETECTION] Is the TR/Spy.Gen Trojan
    [NOTE] The file was deleted!
    D:\mes image\abdel\logiciel\محطم العمالقة\TBS\e-Learning\Adobe Reader 7.0 ME\TBS.exe
    [0] Archive type: RAR SFX (self extracting)
    --> Data1.cab
    [1] Archive type: CAB (Microsoft)
    --> HLS.api_NON_OPT
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.


    End of the scan: samedi 23 août 2008 22:28
    Used time: 54:54 Minute(s)

    The scan has been done completely.

    3231 Scanning directories
    143543 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    143539 Files not concerned
    2391 Archives were scanned
    5 Warnings
    1 Notes

    :) 
    23 Août 2008 13:39:17

    je vien de lore relire ton message et mon rapport et je me suis rendu compte que j'ai pas activé la détéction des rootkits :(  donc je vais refaire un autre scen et je vous post le rapport
    23 Août 2008 21:56:29

    re
    voici le 2eme rapport d'antivir



    Avira AntiVir Personal
    Report file date: dimanche 24 août 2008 12:43

    Scanning for 1567803 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: r
    Computer name: H-37B8E0089C404

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 13:45:57
    ANTIVIR3.VDF : 7.0.6.57 233984 Bytes 22/08/2008 13:46:14
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 23/08/2008 13:47:14
    AESCN.DLL : 8.1.0.23 119156 Bytes 23/08/2008 13:47:08
    AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
    AEPACK.DLL : 8.1.2.1 364917 Bytes 23/08/2008 13:47:04
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 23/08/2008 13:46:57
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 23/08/2008 13:46:53
    AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
    AEGEN.DLL : 8.1.0.36 315764 Bytes 23/08/2008 13:46:31
    AEEMU.DLL : 8.1.0.7 430452 Bytes 23/08/2008 13:46:25
    AECORE.DLL : 8.1.1.8 172406 Bytes 23/08/2008 13:46:20
    AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 23/08/2008 13:46:16
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: dimanche 24 août 2008 12:43

    Starting search for hidden objects.
    '218896' objects were checked, '0' hidden objects were found.

    Starting the file scan:

    Begin scan in 'C:'
    C:\
    AUTOEXEC.BAT
    boot.ini
    Bootfont.bin
    cleannavi.txt
    CONFIG.SYS
    fixnavi.txt
    IO.SYS
    MSDOS.SYS
    NTDETECT.COM
    ntldr
    pagefile.sys
    [WARNING] The file could not be opened!
    sqmdata00.sqm
    sqmnoopt00.sqm
    TB.txt
    TB2.txt
    C:\Anuman Interactive\
    répertoire.rep
    C:\Anuman Interactive\Cartes de visite\
    AGIPA.pag
    AVERY.pag
    BOEDER.pag
    CANSON.pag
    Cartes_de_visite.for
    Formats personnalisés.pag
    ZWECKFORM.pag
    C:\Anuman Interactive\Cartes de visite\etik\
    AGIPA A4.csv
    AGIPA A5.csv
    AGIPA Canon.csv
    AGIPA Epson.csv
    AGIPA HP.csv
    AVERY.csv
    Formats personnalisés.csv
    C:\Anuman Interactive\Cartes de visite\images\
    21-8586.jpg
    Bbq.jpg
    bordures_357.wmf
    Photo 006.jpg
    Photo 012.jpg
    Photo.jpg
    POULET-200X200.jpg
    poulet_roti_4.jpg
    Thumbs.db
    C:\Anuman Interactive\Cartes de visite\perso\
    fantaisie 004.JPG
    fantaisie 004.mdl
    fantaisie 005.JPG
    fantaisie 005.mdl
    C:\Documents and Settings\
    Orph.egd
    C:\Documents and Settings\All Users\Application Data\
    desktop.ini
    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\Replicate\Security\
    directories.acrodata
    C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\
    AdobeESDGlobalApps.xml
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\
    addr_file.html
    AVWIN.INI
    update.conf
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\EVENTDB\
    avevtdb.dbe
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\
    classic-nt-en.info
    master.idx
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\JOBS\
    produpd.avj
    scanjob.avj
    startupd.avj
    updjob.avj
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\
    avguard.log
    AVSCAN-20080823-213250-7E4B2007.LOG
    AVSCAN-20080823-213314-836FAEA6.LOG
    AVSCAN-20080824-124249-BBFB073D.LOG
    sched.log
    setup.log
    setup00.log
    Upd-2008-08-23-15-43-21.log
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\
    folder.avp
    rootkit.avp
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\REPORTS\
    5294cc99.avl
    5da3bba5.avl
    a9e8ca83.avl
    C:\Documents and Settings\All Users\Application Data\Google\Custom Buttons\
    TOOLBAR.GOOGLE.COM_O8Y91YHB24Z6SR0SGYSK.XML
    C:\Documents and Settings\All Users\Application Data\Google\Toolbar Dictionary\
    googledict_en2fr.dat
    googledict_en2fr_small.dat
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\
    kis.fr.msi
    setup.exe
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
    ignore.dat
    news.txt
    rules.ref
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\
    29ca46ce0c28209c40f6021483a40517_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    33305a520e4be490f4fe02d562c51e07_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    3479ed0823b3174d3d3ad8b70e6bd9af_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    84d493bd4454bacddaec8b06d411d35a_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    b79c452e3aad70c2db50307cbb421bc8_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    c81d2b94a691f7fa2c4fea00768cbafb_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    d41be6046ed84f2a894e5992d236f1a6_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    df8400ff114006993608576452e82c63_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    fc61c2cb62247f93f0e903ce9b2a854d_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\
    6dea747ed38eabf371282d88992c2768_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    d42cc0c3858a58db2db37658219e6400_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\
    ppcrlconfig.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\
    DefaultStore_59R.bin
    UserMigratedStore_59R.bin
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\
    rasphone.pbk
    sharedaccess.ini
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\
    qmgr0.dat
    qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\
    DATA.BAK
    data.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\
    Administrateur.bmp
    guest.bmp
    r.bmp
    C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\
    airplane.bmp
    astronaut.bmp
    ball.bmp
    beach.bmp
    butterfly.bmp
    car.bmp
    cat.bmp
    chess.bmp
    dirt bike.bmp
    dog.bmp
    drip.bmp
    duck.bmp
    fish.bmp
    frog.bmp
    guitar.bmp
    horses.bmp
    kick.bmp
    lift-off.bmp
    palm tree.bmp
    pink flower.bmp
    red flower.bmp
    skater.bmp
    snowflake.bmp
    C:\Documents and Settings\All Users\Application Data\NCH Software\Eyeline\
    Email Template.txt
    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage\data\
    data.dat
    C:\Documents and Settings\All Users\Application Data\Skype\Pictures\
    Angel Skype.png
    Architect Skype.png
    Beach Skype.png
    Behind Skype.png
    Business Skype.png
    Call Me Sweetheart.png
    Call Me.png
    Carnival Skype.png
    Chic Skype.png
    Christmas Skype.png
    College Skype.png
    Desert Skype.png
    Designer Skype.png
    Devil Skype.png
    DIY Skype.png
    DJ Skype.png
    Earbud Skype.png
    Empire Skype.png
    Fax Skype.png
    Geisha Skype.png
    Hula Skype.png
    Make Skype Not War.png
    Metal Skype.png
    Ninja Skype.png
    Party Skype.png
    Pop Skype.png
    Rice Skype.png
    Skypahontas.png
    Skype 502.png
    Skype Aid.png
    Skype Artiste.png
    Skype Beauty.png
    Skype Bling.png
    Skype Boarder.png
    Skype Brrr... .png
    Skype Candy.png
    Skype Cola.png
    Skype Cool Shades.png
    Skype Extreme.png
    Skype Goaaaaal.png
    Skype Headset.png
    Skype in a Bag.png
    Skype Jah.png
    Skype Jyve.png
    Skype Safety.png
    Skype San.png
    Skype Shorty.png
    Skype Smiley.png
    Skype Time.png
    Skype-a-Manger.png
    Skype-ahoy.png
    Skype-in-one.png
    Skype.png
    Skypers of the Caribbean.png
    Star Skype.png
    Sushi Skype.png
    The Skypeness.png
    Travel Skype.png
    Wetsuit Skype.png
    Yin Yang Skype.png
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\
    ~Please do not delete files from this folder
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\Categories\
    Business.png
    Collaboration.png
    Community.png
    Expression.png
    Featured.png
    GameChannel.png
    GreetingCards.png
    Manage.png
    MostPopular.png
    MyPlugins.png
    New.png
    Productivity.png
    RemoteAccess.png
    Utilities.png
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\
    Game List.swf
    [0] Archive type: SWC
    --> Object
    icon24.png
    named_strings.mlsxml
    PickGame.htm
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\
    ~Please do not delete files from this folder
    C:\Documents and Settings\All Users\Application Data\Skype\Wallpapers\
    Skype Argyle-Madness.png
    Skype Blue-for-you.png
    Skype Blue-Haze.png
    Skype Brushed metal.png
    Skype Candy-Stripe.png
    Skype Crop-circles.png
    Skype Denim.png
    Skype Diagonal-grey.png
    Skype Ess.png
    Skype Fleur-de-Skype.png
    Skype Gid's-Threads.png
    Skype Giraffe.png
    Skype Grille.png
    Skype Kitchen.png
    Skype Moo-fuel.png
    Skype Moo.png
    Skype Pyjama Party.png
    Skype Rainbow Nation.png
    Skype Rivets.png
    Skype Sand.png
    Skype Shamrock.png
    Skype Wood.png
    C:\Documents and Settings\All Users\Application Data\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\
    Skype.msi
    C:\Documents and Settings\All Users\Application Data\Ulead Systems\
    ULEAD32.INI
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data\
    data.dat
    C:\Documents and Settings\All Users\Bureau\
    Adobe Reader 9.lnk
    AntiVir PE Classic.lnk
    Malwarebytes' Anti-Malware.lnk
    Media Player Classic.lnk
    Navilog1.lnk
    Obtenir OpenOffice.org.lnk
    Opera.lnk
    Windows Live Messenger.lnk
    C:\Documents and Settings\All Users\Documents\
    desktop.ini
    C:\Documents and Settings\All Users\Documents\Ma musique\
    Desktop.ini
    C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\000FA8E9\
    Plylst1.wpl
    Plylst10.wpl
    Plylst11.wpl
    Plylst12.wpl
    Plylst13.wpl
    Plylst14.wpl
    Plylst15.wpl
    Plylst2.wpl
    Plylst3.wpl
    Plylst4.wpl
    Plylst5.wpl
    Plylst6.wpl
    Plylst7.wpl
    Plylst8.wpl
    Plylst9.wpl
    C:\Documents and Settings\All Users\Documents\Ma musique\Échantillons de musique\
    desktop.ini
    Nouvelles histoires (le blues de l'autoroute).wma
    Symphonie n° 9 de Beethoven (scherzo).wma
    C:\Documents and Settings\All Users\Documents\Mes images\
    Desktop.ini
    C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\
    Collines.jpg
    Coucher de soleil.jpg
    desktop.ini
    Hiver.jpg
    Nénuphars.jpg
    Thumbs.db
    C:\Documents and Settings\All Users\Documents\Mes vidéos\
    Desktop.ini
    C:\Documents and Settings\All Users\DRM\
    drmv2.lic
    drmv2.sst
    C:\Documents and Settings\All Users\Menu Démarrer\
    Catalogue Windows.lnk
    Configurer les programmes par défaut.lnk
    desktop.ini
    Nouveau document Office.lnk
    Obtenir OpenOffice.org.lnk
    Ouvrir un document Office.lnk
    Windows Update.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\
    Adobe Reader 9.lnk
    desktop.ini
    Microsoft Access.lnk
    Microsoft Excel.lnk
    Microsoft Outlook.lnk
    Microsoft PowerPoint.lnk
    Microsoft Word.lnk
    MSN.lnk
    Opera.lnk
    Windows Live Messenger.lnk
    Windows Messenger.lnk
    Windows Movie Maker.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\
    Calculatrice.lnk
    desktop.ini
    Paint.lnk
    Scanner and Camera Wizard.lnk
    WordPad.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Accessibilité\
    Assistant Accessibilité.lnk
    desktop.ini
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Communications\
    Assistant Configuration du réseau.lnk
    Assistant Nouvelle connexion.lnk
    Assistant Réseau sans fil.lnk
    Connexion Bureau à distance.lnk
    Connexions réseau.lnk
    desktop.ini
    HyperTerminal.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Divertissement\
    Contrôle du volume.lnk
    desktop.ini
    Magnétophone.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Accessoires\Outils système\
    Assistant Transfert de fichiers et de paramètres.lnk
    Centre de sécurité.lnk
    desktop.ini
    Défragmenteur de disque.lnk
    Gestion des sauvegardes.lnk
    Informations système.lnk
    Nettoyage de disque.lnk
    Restauration du système.lnk
    Table des caractères.lnk
    Tâches planifiées.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVir PersonalEdition Classic\
    AntiVir Help.lnk
    Avira AntiVir Personal on the Internet.lnk
    Start Avira AntiVir Personal.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Dr.Web\
    Dr.Web Aide (Anglais).lnk
    Dr.Web Aide (Français).lnk
    Désinstaller Dr.Web.lnk
    Mise à jour automatique.lnk
    Programmateur.lnk
    Scanner Dr.Web.lnk
    SpIDer Aide (Anglais).lnk
    SpIDer Aide (Français).lnk
    SpIDer Mail.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Dr.Web\Journaux\
    Journal de SpIDer Guard.lnk
    Journal de SpIDer Mail.lnk
    Journal du Scanner.lnk
    Mise à jour automatique du journal.lnk
    Paramètres de Dr.Web.lnk
    Programmateur log.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    desktop.ini
    Microsoft Office.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Free Video Converter\
    Désinstaller Free Video Converter.lnk
    Free Video Converter.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\
    HijackThis.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux\
    Atout Pique sur Internet.lnk
    Backgammon sur Internet.lnk
    Dame de pique sur Internet.lnk
    Dame de Pique.lnk
    desktop.ini
    Démineur.lnk
    Freecell.lnk
    Jeu de dames sur Internet.lnk
    Pinball.lnk
    Reversi sur Internet.lnk
    Solitaire.lnk
    Spider Solitaire.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\JPEG PC Camera\
    Uninstall.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\
    Media Player Classic.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\Configuration\
    Codec Tweak Tool.lnk
    DirectVobSub.lnk
    Haali Media Splitter.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\Configuration\ffdshow\
    Audio decoder configuration.lnk
    VFW configuration.lnk
    Video decoder configuration.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\Help\
    FAQ.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\Information\
    About.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\Tools\
    Codec Tweak Tool.lnk
    GSpot Codec Information.lnk
    VobSubStrip.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack\Uninstall\
    Uninstall K-Lite Codec Pack.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware\
    Désinstaller Malwarebytes' Anti-Malware.lnk
    Malwarebytes' Anti-Malware Help.lnk
    Malwarebytes' Anti-Malware.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\
    Navilog1.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\
    Analyseur de performances.lnk
    desktop.ini
    Gestion de l'ordinateur.lnk
    Observateur d'événements.lnk
    Services de composants.lnk
    Services.lnk
    Sources de données (ODBC).lnk
    Stratégie de sécurité locale.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils Microsoft Office\
    Activer le produit.lnk
    Assistant Enregistrement des paramètres personnels.lnk
    Bibliothèque Multimédia Microsoft.lnk
    Microsoft Access Snapshot Viewer.lnk
    Microsoft Office Document Imaging.lnk
    Microsoft Office Document Scanning.lnk
    Paramètres linguistiques Microsoft Office XP.lnk
    Récupération d'applications Microsoft Office.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Photo-Brush\
    Photo-Brush.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR\
    Aide de WinRAR.lnk
    Manuel de la console RAR.lnk
    WinRAR.lnk
    C:\Documents and Settings\All Users\Modèles\
    soffice.odg
    [0] Archive type: ZIP
    --> settings.xml
    --> styles.xml
    --> META-INF/manifest.xml
    --> content.xml
    --> meta.xml
    --> mimetype
    soffice.odp
    [0] Archive type: ZIP
    --> META-INF/manifest.xml
    --> content.xml
    --> meta.xml
    --> mimetype
    --> settings.xml
    --> styles.xml
    soffice.ods
    [0] Archive type: ZIP
    --> content.xml
    --> meta.xml
    --> mimetype
    --> settings.xml
    --> styles.xml
    --> META-INF/manifest.xml
    soffice.odt
    [0] Archive type: ZIP
    --> META-INF/manifest.xml
    --> content.xml
    --> meta.xml
    --> mimetype
    --> settings.xml
    --> styles.xml
    C:\Documents and Settings\Default User\
    NTUSER.DAT
    C:\Documents and Settings\Default User\Application Data\
    desktop.ini
    C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\
    brndlog.bak
    brndlog.txt
    C:\Documents and Settings\Default User\Cookies\
    index.dat
    C:\Documents and Settings\Default User\Local Settings\
    desktop.ini
    C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\
    CurrentDatabase_59R.wmdb
    C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\
    WMSDKNS.DTD
    WMSDKNS.XML
    C:\Documents and Settings\Default User\Local Settings\Historique\
    desktop.ini
    C:\Documents and Settings\Default User\Local Settings\Historique\History.IE5\
    desktop.ini
    index.dat
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\
    desktop.ini
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\
    desktop.ini
    index.dat
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\2VYBWVAT\
    desktop.ini
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6XKF2X4V\
    desktop.ini
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IVU3QZ0T\
    desktop.ini
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\Y9GFYZW5\
    desktop.ini
    C:\Documents and Settings\Default User\Menu Démarrer\
    desktop.ini
    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\
    Assistance à distance.lnk
    desktop.ini
    Lecteur Windows Media.lnk
    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Accessoires\
    Assistant Compatibilité des programmes.lnk
    Bloc-notes.lnk
    desktop.ini
    Explorateur Windows.lnk
    Invite de commandes.lnk
    Synchroniser.lnk
    Visite guidée de Windows XP.lnk
    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Accessoires\Accessibilité\
    Clavier visuel.lnk
    desktop.ini
    Gestionnaire d'utilitaires.lnk
    Loupe.lnk
    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Accessoires\Divertissement\
    desktop.ini
    Lecteur Windows Media.lnk
    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
    desktop.ini
    C:\Documents and Settings\Default User\Modèles\
    amipro.sam
    excel.xls
    excel4.xls
    lotus.wk4
    powerpnt.ppt
    presenta.shw
    quattro.wb2
    sndrec.wav
    winword.doc
    winword2.doc
    wordpfct.wpd
    wordpfct.wpg
    C:\Documents and Settings\Default User\SendTo\
    Bureau (créer un raccourci).DeskLink
    desktop.ini
    Destinataire.MAPIMail
    Dossier compressé.ZFSendToTarget
    C:\Documents and Settings\LocalService\
    NTUSER.DAT
    [WARNING] The file could not be opened!
    ntuser.dat.LOG
    [WARNING] The file could not be opened!
    ntuser.ini
    C:\Documents and Settings\LocalService\Cookies\
    index.dat
    C:\Documents and Settings\LocalService\Local Settings\
    desktop.ini
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\
    UsrClass.dat
    [WARNING] The file could not be opened!
    UsrClass.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\LocalService\Local Settings\Historique\
    desktop.ini
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\
    desktop.ini
    index.dat
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\
    desktop.ini
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\
    desktop.ini
    index.dat
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A7YD4TAL\
    desktop.ini
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CV8RYHU7\
    desktop.ini
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GVIDG5WN\
    desktop.ini
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QLATOD8X\
    desktop.ini
    C:\Documents and Settings\NetworkService\
    NTUSER.DAT
    [WARNING] The file could not be opened!
    ntuser.dat.LOG
    [WARNING] The file could not be opened!
    ntuser.ini
    C:\Documents and Settings\NetworkService\Local Settings\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\
    UsrClass.dat
    [WARNING] The file could not be opened!
    UsrClass.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\NetworkService\Local Settings\Historique\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2VYBWVAT\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6XKF2X4V\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IVU3QZ0T\
    desktop.ini
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y9GFYZW5\
    desktop.ini
    C:\Documents and Settings\r\
    NTUSER.DAT
    [WARNING] The file could not be opened!
    ntuser.dat.LOG
    [WARNING] The file could not be opened!
    ntuser.ini
    C:\Documents and Settings\r\Application Data\
    desktop.ini
    C:\Documents and Settings\r\Application Data\Adobe\Acrobat\9.0\
    AdobeCMapFnt09.lst
    AdobeSysFnt09.lst
    SharedDataEvents
    TMDocs.sav
    TMGrpPrm.sav
    UserCache.bin
    C:\Documents and Settings\r\Application Data\Adobe\Acrobat\9.0\JavaScripts\
    glob.js
    glob.settings.js
    C:\Documents and Settings\r\Application Data\Adobe\Flash Player\AssetCache\5HYPMC3Q\
    AF07B46903A6C5D87A24725CB7D50DE352A0383C.heu
    AF07B46903A6C5D87A24725CB7D50DE352A0383C.swz
    cacheSize.txt
    C:\Documents and Settings\r\Application Data\LimeWire\
    createtimes.cache
    downloads.dat
    fileurns.bak
    fileurns.cache
    filters.props
    gnutella.net
    installation.props
    library.dat
    limewire.props
    mojito.props
    questions.props
    responses.cache
    simpp.xml
    spam.dat
    tables.props
    ttrees.cache
    ttroot.cache
    version.xml
    versions.props
    C:\Documents and Settings\r\Application Data\LimeWire\promotion\
    promodb.backup
    promodb.data
    promodb.properties
    promodb.script
    C:\Documents and Settings\r\Application Data\LimeWire\themes\
    windows_theme.lwtp
    [0] Archive type: ZIP
    --> 01_star.gif
    --> 02_star.gif
    --> 03_star.gif
    --> 04_star.gif
    --> 05_star.gif
    --> chat.gif
    --> forward_dn.gif
    --> forward_up.gif
    --> kill.gif
    --> kill_on.gif
    --> pause_dn.gif
    --> pause_up.gif
    --> play_dn.gif
    --> play_up.gif
    --> question.gif
    --> rewind_dn.gif
    --> rewind_up.gif
    --> stop_dn.gif
    --> stop_up.gif
    --> theme.txt
    --> warning.gif
    C:\Documents and Settings\r\Application Data\LimeWire\themes\windows_theme\
    01_star.gif
    02_star.gif
    03_star.gif
    04_star.gif
    05_star.gif
    chat.gif
    forward_dn.gif
    forward_up.gif
    kill.gif
    kill_on.gif
    pause_dn.gif
    pause_up.gif
    play_dn.gif
    play_up.gif
    question.gif
    rewind_dn.gif
    rewind_up.gif
    stop_dn.gif
    stop_up.gif
    theme.txt
    warning.gif
    C:\Documents and Settings\r\Application Data\Macromedia\Flash Player\#SharedObjects\46DL6G7D\s.ytimg.com\
    soundData.sol
    videostats.sol
    C:\Documents and Settings\r\Application Data\Macromedia\Flash Player\#SharedObjects\46DL6G7D\skype.com\#ui\
    preferences.sol
    C:\Documents and Settings\r\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
    settings.sol
    C:\Documents and Settings\r\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\
    settings.sol
    C:\Documents and Settings\r\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
    mbam-log-8-16-2008 (12-12-49).txt
    C:\Documents and Settings\r\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\
    BACKUP1.98531
    QUAR1.98531
    C:\Documents and Settings\r\Application Data\Media Player Classic\
    default.mpcpl
    C:\Documents and Settings\r\Application Data\Microsoft\Address Book\
    r.wab
    r.wab~
    C:\Documents and Settings\r\Application Data\Microsoft\CryptnetUrlCache\Content\
    087486FD43937B4695C52643C96BB94D
    090F20467957B5DB76D35949C905F503
    0EBB3788D77094423275558212CCE7B1
    2BF68F4714092295550497DD56F57004
    33EF5DC954745FDB1C94EDBF02CDC43B
    3C83474D61E624A4F9844DF935AFE217
    5553AF14BD4C3B1DE599145FD14950E0
    60E31627FDA0A46932B0E5948949F2A5
    696F3DE637E6DE85B458996D49D759AD
    71644221AC231DBD2359C18EBB2118DC
    7B2238AACCEDC3F1FFE8E7EB5F575EC9
    903E3CF4DB61C46D2F6070EBE103A37F
    94308059B57B3142E455B38A6EB92015
    [0] Archive type: CAB (Microsoft)
    --> authroot.stl
    A44F4E7CB3133FF765C39A53AD8FCFDD
    A8FABA189DB7D25FBA7CAC806625FD30
    B2F4B1D39F0694C6CDB433BC3CCF1418
    B69D763EB21649DA26F20618312DEE70
    C571B417AAF1F617555A0486AB3F5361
    CFC456E7E410D69E2C6F3E2DB75C7DB3
    D9446DF6FD9BABE04CC252D4F0FB3D01
    E6024EAC88E6B6165D49FE3C95ADD735
    FB788E090BC1F3AA2FBC9E8FB2859601
    C:\Documents and Settings\r\Application Data\Microsoft\CryptnetUrlCache\MetaData\
    087486FD43937B4695C52643C96BB94D
    090F20467957B5DB76D35949C905F503
    0EBB3788D77094423275558212CCE7B1
    2BF68F4714092295550497DD56F57004
    33EF5DC954745FDB1C94EDBF02CDC43B
    3C83474D61E624A4F9844DF935AFE217
    5553AF14BD4C3B1DE599145FD14950E0
    60E31627FDA0A46932B0E5948949F2A5
    696F3DE637E6DE85B458996D49D759AD
    71644221AC231DBD2359C18EBB2118DC
    7B2238AACCEDC3F1FFE8E7EB5F575EC9
    903E3CF4DB61C46D2F6070EBE103A37F
    94308059B57B3142E455B38A6EB92015
    A44F4E7CB3133FF765C39A53AD8FCFDD
    A8FABA189DB7D25FBA7CAC806625FD30
    B2F4B1D39F0694C6CDB433BC3CCF1418
    B69D763EB21649DA26F20618312DEE70
    C571B417AAF1F617555A0486AB3F5361
    CFC456E7E410D69E2C6F3E2DB75C7DB3
    D9446DF6FD9BABE04CC252D4F0FB3D01
    E6024EAC88E6B6165D49FE3C95ADD735
    FB788E090BC1F3AA2FBC9E8FB2859601
    C:\Documents and Settings\r\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1417001333-688789844-1801674531-1003\
    371813c988125449752a0af2e6f17f60_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    655a3eed8580cca045000e274e045e9e_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    83aa4cc77f591dfc2374580bbd95f6ba_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    c5cd16fc8644b32e50702746555ead39_0d4e441a-76d2-4bd5-b349-c54d1e24366c
    C:\Documents and Settings\r\Application Data\Microsoft\HTML Help\
    hh.dat
    [0] Archive type: CHM
    --> /WINDOWS/Help/spider.chm/windefault
    C:\Documents and Settings\r\Application Data\Microsoft\IdentityCRL\PROD\
    ppcrlconfig.dll
    C:\Documents and Settings\r\Application Data\Microsoft\IdentityCRL\production\
    ppcrlconfig.dll
    C:\Documents and Settings\r\Application Data\Microsoft\IMJP8_1\
    imjp81u.dic
    C:\Documents and Settings\r\Application Data\Microsoft\Internet Explorer\
    brndlog.bak
    brndlog.txt
    Desktop.htt
    C:\Documents and Settings\r\Application Data\Microsoft\Internet Explorer\Quick Launch\
    Bureau.scf
    desktop.ini
    Démarrer Internet Explorer.lnk
    Free Video Converter.lnk
    Lecteur Windows Media.lnk
    Media Player Classic.lnk
    Opera.lnk
    Windows Live Messenger.lnk
    C:\Documents and Settings\r\Application Data\Microsoft\Media Player\
    0063F1B1.wpl
    C:\Documents and Settings\r\Application Data\Microsoft\Modèles\
    Normal.dot
    C:\Documents and Settings\r\Application Data\Microsoft\MSN Messenger\1560865652\
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    sqmnoopt03.sqm
    sqmnoopt04.sqm
    C:\Documents and Settings\r\Application Data\Microsoft\Office\
    fbc8B.tmp
    MSO1033.acl
    MSO1036.acl
    MSO5121.acl
    C:\Documents and Settings\r\Application Data\Microsoft\Office\Fichiers récents\
    09-Je n'enverrai plus d'E-mails.lnk
    09-Les fees du dehors.lnk
    Courrieradressauxhommespolitiquesetelus[1].doc.url
    CV Madjid.lnk
    Demander_un_CNF.doc.lnk
    fichiers sur www.maizouna-meram.org.url
    index.dat
    maternity sur www.uniset.ca.url
    mat_fr.rtf.url
    Mes documents.lnk
    Ministre_identit-nationale_RAISON-ETAT.doc.url
    Modèles.lnk
    Nouveau dossier.lnk
    Rar$DI00.219.lnk
    Rar$DI00.500.lnk
    temporary_download.lnk
    C:\Documents and Settings\r\Application Data\Microsoft\Protect\
    CREDHIST
    C:\Documents and Settings\r\Application Data\Microsoft\Protect\S-1-5-21-1417001333-688789844-1801674531-1003\
    a9ffc051-ff20-4533-b814-abf8e2be8547
    Preferred
    C:\Documents and Settings\r\Application Data\Microsoft\Windows\Themes\
    Custom.theme
    C:\Documents and Settings\r\Application Data\Microsoft\Windows Live Call\djibril_max@hotmail.com\
    CHOutgoing.dat
    UserConfiguration.dat
    C:\Documents and Settings\r\Application Data\Microsoft\Windows Live Call\Logs\
    msncalllog2.txt
    msncalllog3.txt
    C:\Documents and Settings\r\Application Data\Microsoft\Épreuve\
    PERSO.DIC
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\autotext\
    mytexts.bau
    [0] Archive type: ZIP
    --> BlockList.xml
    --> META-INF/manifest.xml
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\basic\
    dialog.xlc
    script.xlc
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\basic\Standard\
    dialog.xlb
    Module1.xba
    script.xlb
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\config\
    arrowhd_fr.soe
    autotbl.fmt
    classic_fr.sog
    cmyk.soc
    gallery.soc
    hatching_fr.soh
    html.soc
    javasettings_Windows_x86.xml
    modern_fr.sog
    palette_fr.soc
    standard.sob
    [0] Archive type: ZIP
    --> mimetype
    --> Pictures/100000000000005E0000005E48284FC1.png
    --> Pictures/100000000000000800000008913C8356.png
    --> Pictures/100000000000005E0000005E229C8222.png
    --> Pictures/100000000000005E0000005E706D9D1A.png
    --> Pictures/100000000000005E0000005ECB5F19AD.png
    --> Pictures/100000000000005E0000005EC3443446.png
    --> Pictures/100000000000005E0000005EB758AAC8.png
    --> Pictures/100000000000005E0000005E2AC2D17B.png
    --> Pictures/10000000000000B4000000874138D207.png
    --> Pictures/100000000000005E0000005EC3FCE171.png
    --> Pictures/100000000000005E0000005EC7B70664.png
    --> Pictures/100000000000005E0000005E2FA489E1.png
    --> Pictures/100000000000005E0000005E18D2F70E.png
    --> Pictures/100000000000005E0000005E803C4F28.png
    --> Pictures/100000000000005E0000005E513A4C71.png
    --> Pictures/100000000000005E0000005E469E6667.png
    --> Pictures/100000000000005E0000005E7F0C5E7C.png
    --> Pictures/100000000000005E0000005EB9C46970.png
    --> Pictures/100000000000005E0000005E43C87AF2.png
    --> Pictures/100000000000005E0000005EE2D09D89.png
    --> Pictures/100000000000005E0000005E134DD71B.png
    --> Content.xml
    --> META-INF/manifest.xml
    standard.soc
    standard.sod
    standard.soe
    standard.sog
    standard.soh
    styles_fr.sod
    sun-color.soc
    web.soc
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\config\soffice.cfg\global\accelerator\fr\
    current.xml
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\config\soffice.cfg\modules\dbapp\accelerator\fr\
    current.xml
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\config\soffice.cfg\modules\swform\accelerator\fr\
    current.xml
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\database\
    biblio.odb
    [0] Archive type: ZIP
    --> mimetype
    --> content.xml
    --> settings.xml
    --> META-INF/manifest.xml
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\database\biblio\
    biblio.dbf
    biblio.dbt
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\gallery\
    sg100.sdv
    sg100.thm
    sg30.sdv
    sg30.thm
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\registry\cache\
    org.openoffice.FirstStartWizard.dat
    org.openoffice.Inet.dat
    org.openoffice.LDAP.dat
    org.openoffice.Office.Addons.dat
    org.openoffice.Office.Commands.dat
    org.openoffice.Office.Common.dat
    org.openoffice.Office.Compatibility.dat
    org.openoffice.Office.DataAccess.dat
    org.openoffice.Office.Embedding.dat
    org.openoffice.Office.Events.dat
    org.openoffice.Office.Java.dat
    org.openoffice.Office.Jobs.dat
    org.openoffice.Office.Linguistic.dat
    org.openoffice.Office.Logging.dat
    org.openoffice.Office.Paths.dat
    org.openoffice.Office.ProtocolHandler.dat
    org.openoffice.Office.Recovery.dat
    org.openoffice.Office.SFX.dat
    org.openoffice.Office.Substitution.dat
    org.openoffice.Office.TabBrowse.dat
    org.openoffice.Office.TypeDetection.dat
    org.openoffice.Office.UI.BaseWindowState.dat
    org.openoffice.Office.UI.Controller.dat
    org.openoffice.Office.UI.dat
    org.openoffice.Office.UI.DbuCommands.dat
    org.openoffice.Office.UI.Factories.dat
    org.openoffice.Office.UI.GenericCommands.dat
    org.openoffice.Office.UI.GlobalSettings.dat
    org.openoffice.Office.UI.WriterCommands.dat
    org.openoffice.Office.UI.WriterFormWindowState.dat
    org.openoffice.Office.Views.dat
    org.openoffice.Office.Writer.dat
    org.openoffice.Office.WriterWeb.dat
    org.openoffice.Setup.dat
    org.openoffice.System.dat
    org.openoffice.TypeDetection.Filter.dat
    org.openoffice.TypeDetection.Misc.dat
    org.openoffice.TypeDetection.Types.dat
    org.openoffice.ucb.Configuration.dat
    org.openoffice.ucb.Store.dat
    org.openoffice.UserProfile.dat
    org.openoffice.VCL.dat
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\registry\data\org\openoffice\
    Setup.xcu
    UserProfile.xcu
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\registry\data\org\openoffice\Office\
    Common.xcu
    DataAccess.xcu
    Jobs.xcu
    Linguistic.xcu
    Logging.xcu
    Recovery.xcu
    Views.xcu
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\uno_packages\cache\
    log.txt
    stamp.sys
    uno_packages.db
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\
    common.rdb
    unorc
    Windows_x86.rdb
    Windows_x86rc
    C:\Documents and Settings\r\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\
    registered_packages.db
    C:\Documents and Settings\r\Application Data\Opera\Opera\profile\
    browser.js
    cookies4.dat
    download.dat
    global.dat
    opcacrt6.dat
    opcert6.dat
    opera.dir
    opera6.adr
    opera6.ini
    opicacrt6.dat
    oprand.dat
    opssl6.dat
    opthumb.dat
    optrust.dat
    opuntrust.dat
    override_downloaded.ini
    vlink4.dat
    wand.dat
    C:\Documents and Settings\r\Application Data\Opera\Opera\profile\sessions\
    autosave.win
    autosave.win.bak
    C:\Documents and Settings\r\Application Data\Opera\Opera\profile\styles\user\
    accessibility.css
    altdebugger.css
    classid.css
    contrastbw.css
    contrastwb.css
    disablebreaks.css
    disablefloats.css
    disableforms.css
    disablepositioning.css
    disabletables.css
    outline.css
    structureblock.css
    structureinline.css
    structuretables.css
    tablelayout.css
    toc.css
    C:\Documents and Settings\r\Application Data\Opera\Opera\profile\toolbar\
    standard_toolbar (1).ini
    C:\Documents and Settings\r\Application Data\Opera\Opera\profile\widgets\
    widgets.dat
    C:\Documents and Settings\r\Application Data\Opera\Opera7\Mail\
    index.ini
    msgidcache.dat
    C:\Documents and Settings\r\Application Data\Opera\Opera7\profile\
    adprefs.ini
    cookies4.dat
    jswarn.dir
    opcacrt6.dat
    opcert6.dat
    opera6.adr
    opera6.adr.bak
    opera6.ini
    oprand.dat
    opssl6.dat
    search.ini
    urlwarn.dir
    C:\Documents and Settings\r\Application Data\Opera\Opera7\profile\sessions\
    Opera Software.win
    C:\Documents and Settings\r\Application Data\Opera\Opera7\profile\UnInst\DfltBrws\32\
    f_htm
    f_html
    p_http
    p_https
    C:\Documents and Settings\r\Application Data\Skype\
    shared.lck
    shared.xml
    C:\Documents and Settings\r\Application Data\Skype\bachir27\
    config.lck
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\
    call1024.dbb
    call256.dbb
    call512.dbb
    callmember256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    chatmsg512.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile256.dbb
    transfer256.dbb
    transfer512.dbb
    user1024.dbb
    user4096.dbb
    voicemail256.dbb
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\01\
    0106ac5b86cbb792.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\02\
    02737ffc251be0b7.dat
    027f4ef759f2a89e.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\09\
    09df4f4e7ed96b51.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\0e\
    0e0aab400251150b.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\0f\
    0f7398f20d90d785.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\13\
    133883ee742bd271.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\1b\
    1be394a691db2e09.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\23\
    233aeb7ba13ed332.dat
    2396f76c8e9745e7.dat
    23d7522bc2a9a4a2.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\44\
    442a617ba7e62132.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\56\
    56576d40c25edf0b.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\70\
    7034d8a05f7d97eb.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\77\
    7708993aee38d0ed.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\7d\
    7d0b853a4c3b6ced.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\84\
    84c6b53657a8c0d9.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\88\
    88b59686b8ee5769.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\91\
    91dd9ce5ddbc7044.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\94\
    942b3c5623054479.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\9c\
    9c19db3696127ed9.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\9e\
    9e6aa93050b89abb.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\9f\
    9ffbec027289e6d5.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\a0\
    a0189c09131be7f8.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\ac\
    ac6de31566b71f34.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\bd\
    bdb590e6a702db49.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\c4\
    c4bb304d9109294c.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\d8\
    d825f128fe43ca93.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\df\
    dfcc53c156e78690.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\eb\
    eb33f98c614b3087.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\chatsync\ef\
    efc66864112642bf.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\bachir2726\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\
    call256.dbb
    call512.dbb
    callmember256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg1024.dbb
    chatmsg2048.dbb
    chatmsg256.dbb
    chatmsg512.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile4096.dbb
    transfer256.dbb
    transfer512.dbb
    user1024.dbb
    user16384.dbb
    user256.dbb
    user32768.dbb
    user4096.dbb
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\0a\
    0a391efa48ebadad.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\0d\
    0d5c75223d207475.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\10\
    102d9cc8ba9f84b3.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\11\
    11a6b615b8783e34.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\14\
    14b81850ddf9a65b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\15\
    15a73967ea894cce.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\19\
    196b88abdb1c3522.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\23\
    23f013859cbb2164.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\2a\
    2ae079285aa07293.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\2f\
    2f52c728ddbdf893.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\32\
    32ef22585fa81083.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\34\
    3420feb02a0ec63b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\35\
    356be9c22fc21b95.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\38\
    3834f98168930350.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\42\
    424b6fe53a868f44.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\43\
    4340a4124513ef25.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\47\
    47daf57c38c7ac37.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\50\
    506c04630f43a7ba.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\52\
    52222d06db3ac7e9.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\53\
    53bba32fbc80d5b6.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\59\
    59f5a9a90f908c18.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\5e\
    5ec1997850ba4423.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\61\
    6175378572d0d564.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\6a\
    6af37579f21a3728.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\6b\
    6be274483cbc3a33.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\6c\
    6c7be8dca9700d17.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\72\
    72819c9028aefb9b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\77\
    7789cb241ae2707f.dat
    77dff5e03869ea2b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\7b\
    7b0a8cbabf1b126d.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\80\
    80f22017f6dc9e3e.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\83\
    8363924da641134c.dat
    83ae4b11d7468b20.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\86\
    86665b01b9246ad0.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\88\
    88302210c92e171b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\8b\
    8beb7f8ed5101c91.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\94\
    9406371da291fb5c.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\95\
    955c76da02af850d.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\98\
    98c0a66ed355fef1.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\99\
    99b758484aa0ae33.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\9a\
    9ad69e3e080c8601.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\9b\
    9b1291d337a87aea.dat
    9b333d7ff2210946.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\9e\
    9eb28d6a1535e5dd.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\a4\
    a45c960e71f30d11.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\ab\
    ab5a938c44823287.dat
    ab90ffd1d41d52e0.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\ad\
    ad68db53404a6a6a.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\b0\
    b0c130908178df9b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\b2\
    b206d1d8bd9afe03.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\b3\
    b37bd430e31b71bb.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\b5\
    b552b36b31034ae2.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\ba\
    ba7ea41c86247557.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\bb\
    bbbb95c346671e9a.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\bc\
    bc63d7b1a6ceaa40.dat
    bc6812c037a89a8b.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\c1\
    c14cbb5d85b8509c.dat
    c1892abd264e1d7c.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\cd\
    cd46b3cd558b3acc.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\cf\
    cf1286ddf955ca1c.dat
    cfc60c63573dcfba.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\d1\
    d10295072f5776ee.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\d4\
    d4096696dc6bd7b9.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\d7\
    d75b7d67536aa0ce.dat
    d79f25a69a1c0309.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\db\
    db6de3814d559550.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\dd\
    dd476d8b8e75cd82.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\de\
    defc1a523e60fe65.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\e1\
    e1e22c4a1788203d.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\e2\
    e22076fa1ad865ad.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\e6\
    e6a8224e166a8a51.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\f3\
    f37a24db77a89212.dat
    f3a47d0f79ee3716.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\f8\
    f89cd7718a41e900.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\fa\
    faca08a8f5ccc013.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\chatsync\fe\
    fe148c857c607e64.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\chinwiking\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\
    call256.dbb
    callmember256.dbb
    chat256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    chatmsg512.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile4096.dbb
    user1024.dbb
    user16384.dbb
    user256.dbb
    user4096.dbb
    voicemail256.dbb
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\04\
    04f45439eaedd0e8.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\06\
    06142f30397238bb.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\0e\
    0e3ae22877e37f93.dat
    0e4b6c884b3ad373.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\14\
    14acd734ff901ccf.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\17\
    1784108834520773.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\1c\
    1c1f6b55ed908874.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\1e\
    1e85580680379ee9.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\1f\
    1ff753870f64af6e.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\21\
    216b1ffd2f34a7bc.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\24\
    248a6f6964f8a8d8.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\28\
    285ce075486bb214.dat
    28cbf59beaeee5d2.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\29\
    299e37c2a19fa195.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\30\
    304301a4260e00ff.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\34\
    34ba8ee8c3931f53.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\36\
    367689b3ab0f724a.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\38\
    38fa9cb15a438340.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\40\
    4062c7321de87ec5.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\49\
    4900041982a36048.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\4d\
    4d6e82a4fb0e85ff.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\55\
    5553b8e5734efc44.dat
    557ce23a941d3ded.dat
    55e1c9b3bee7b24a.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\56\
    56a6c2800708494b.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\57\
    5709e20fb9cc3016.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\59\
    5963607e50041141.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\5f\
    5f36bc7b9480e832.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\62\
    62b4bcca08e872bd.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\63\
    63f056a2f91e5bf5.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\67\
    67fbcd9b0cc61dd2.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\6b\
    6b8e9173f915d90a.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\6d\
    6d6b7eaf3c209f36.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\6e\
    6ee405622c6005b5.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\6f\
    6f28942643e0ab89.dat
    6f9cc24c4bcc5c47.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\73\
    7317e46441a1aebf.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\76\
    7605075489eded6f.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\78\
    7806291b65aa6752.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\7b\
    7b96027fac91e246.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\81\
    810aec5b4ca0f792.dat
    81bfe2ebd821b862.dat
    81ef11e82d0eae53.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\92\
    922fe25edc7bbaa1.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\9c\
    9c51b35717493e7e.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\9f\
    9fbbeda0f5d400eb.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\a3\
    a3d98852a5762465.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\a6\
    a6c74538cb60dee3.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\af\
    af1a00eef21e4371.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\b6\
    b62822a45e0ea5ff.dat
    b63a4f5ba622e692.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\bd\
    bd97937b66a61b32.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\c9\
    c9542b1666112e39.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\cb\
    cbb777189c5af843.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\d6\
    d63f701aa237234d.dat
    d6c0d97413ebe80f.dat
    d6d6f1c239114395.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\dd\
    dd443d7a1608c62d.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\e2\
    e25e3074bfbf9b0f.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\e3\
    e38f7fe8d8f2d453.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\e5\
    e59f87e4d0f0603f.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\e8\
    e8b47876042c5119.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\ee\
    ee03cb345f6ee0cf.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\f0\
    f07761b2e4190345.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\f2\
    f2cc3166a4277dc9.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\f3\
    f3a8b1974057f5be.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\f5\
    f5cb2eae0bec6831.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\f8\
    f876360538db4de4.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\fa\
    fa7cedd992103108.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\chatsync\fe\
    fe39554e4a858951.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\djibril_max\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\ibliss\
    config.lck
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\
    call256.dbb
    callmember256.dbb
    chat256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile1024.dbb
    user1024.dbb
    user16384.dbb
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\chatsync\03\
    03f4fd75674f4314.dat
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\chatsync\87\
    87242479bf36a228.dat
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\chatsync\b8\
    b8a1b8c87b2810b3.dat
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\chatsync\d2\
    d299e48b32b32082.dat
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\iblissfilsduchitan\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\
    call1024.dbb
    call256.dbb
    callmember256.dbb
    chat256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    chatmsg512.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile256.dbb
    user1024.dbb
    user256.dbb
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\chatsync\31\
    314a8501faff3cd0.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\chatsync\80\
    801fa839be9274e8.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\chatsync\9e\
    9e565c1e6e285b61.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\chatsync\cc\
    ccc8c0653f7ca1c4.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\chatsync\d6\
    d6674ee77750384e.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\chatsync\ed\
    ed0dfae19775aa30.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\ismail220594\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\
    call1024.dbb
    call256.dbb
    call512.dbb
    callmember256.dbb
    chat256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    chatmsg512.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile4096.dbb
    transfer256.dbb
    user1024.dbb
    user16384.dbb
    user256.dbb
    user4096.dbb
    voicemail256.dbb
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\1d\
    1d8769c931fe2cb8.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\1e\
    1ea316f290b04d85.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\23\
    23e556a86f374613.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\31\
    313b32a8ec689213.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\40\
    408d80bb15b87d72.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\41\
    4112bd5c4e01b397.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\45\
    45728fe0d2bcec2b.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\4a\
    4a817516cb39a039.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\52\
    52e61d08dc63c5f3.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\66\
    665e225723f0697e.dat
    66ffac92975a99a5.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\70\
    70b7d10b17903f02.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\76\
    7661549434a02faf.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\95\
    954cce0867dc3af3.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\9e\
    9e2255679c34d8ce.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\a3\
    a3fdb6ca9e6b54bd.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\aa\
    aa298ab0a38d823b.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\bd\
    bd559a69dffd7fd8.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\be\
    be221a65b3f163c4.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\c6\
    c664d41ba510be52.dat
    c6b1a946ac95f529.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\eb\
    ebc95c02d19d16d5.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\f7\
    f7733adf0c6a9c26.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\f8\
    f807ccb2b5b81a45.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\fb\
    fb1160943be46baf.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\chatsync\fe\
    fed0383156e00cc0.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\katyc2627\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\mos120755\
    call1024.dbb
    call2048.dbb
    call256.dbb
    call512.dbb
    callmember256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile256.dbb
    user1024.dbb
    user256.dbb
    C:\Documents and Settings\r\Application Data\Skype\mos120755\chatsync\46\
    46558da15416c7f0.dat
    C:\Documents and Settings\r\Application Data\Skype\mos120755\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\mos120755\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\naomi290391\
    call256.dbb
    callmember256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile256.dbb
    user1024.dbb
    user4096.dbb
    C:\Documents and Settings\r\Application Data\Skype\naomi290391\chatsync\53\
    5332dcd4bd1998ef.dat
    C:\Documents and Settings\r\Application Data\Skype\naomi290391\chatsync\b7\
    b7edc2d26104c8e5.dat
    C:\Documents and Settings\r\Application Data\Skype\naomi290391\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\naomi290391\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\naominaomi\
    config.lck
    C:\Documents and Settings\r\Application Data\Skype\Pictures\
    Video call snapshot 1.png
    C:\Documents and Settings\r\Application Data\Skype\pumabdelsslam\
    call256.dbb
    callmember256.dbb
    chat512.dbb
    chatmember256.dbb
    chatmsg256.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile256.dbb
    user1024.dbb
    user256.dbb
    C:\Documents and Settings\r\Application Data\Skype\pumabdelsslam\chatsync\1a\
    1a25f6270fa43c8e.dat
    C:\Documents and Settings\r\Application Data\Skype\pumabdelsslam\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\pumabdelsslam\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\r.abdelsslam\
    call256.dbb
    callmember256.dbb
    config.lck
    config.xml
    contactgroup256.dbb
    index2.dat
    profile16384.dbb
    user1024.dbb
    user16384.dbb
    user256.dbb
    C:\Documents and Settings\r\Application Data\Skype\r.abdelsslam\dyncontent\
    bundle.dat
    C:\Documents and Settings\r\Application Data\Skype\r.abdelsslam\httpfe\
    cookies.dat
    C:\Documents and Settings\r\Application Data\Skype\sawsaw\
    config.lck
    C:\Documents and Settings\r\Application Data\Skype
    24 Août 2008 18:36:26

    Re,

    Poste un nouveau rapport HijackThis.

    Comment va le PC ? Toujours des problèmes ?

    ;) 
    25 Août 2008 01:42:42

    re,
    pour le PC j'ai l'impression qu'il est plus lent depuis que j'ai instaler antivir sinon il ne cause pas de probléme pour le moment
    voici le rapport hijakthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:39:40, on 26/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EA3207-3AD7-4B94-AF49-2FD6666C9462}: NameServer = 208.67.222.222 208.67.220.220
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 4951 bytes
    25 Août 2008 12:48:16

    Citation :
    pour le PC j'ai l'impression qu'il est plus lent depuis que j'ai instaler antivir sinon il ne cause pas de probléme pour le moment


    Et pourtant c'est l'un des plus léger ! C'est normal que ce soit légèrement plus lent, mais bon, tu ne peux pas te passer de protection antivirale :) 

    Télécharge OTViewIt et sauvegarde-le sur ton bureau.
  • Ferme toutes les fenêtres et double-clique sur l'icône d'OTviewIT pour l'ouvrir.
  • Clique sur le bouton Run Scan et laisse le programme travailler sans l'interrompre.
  • Il va produire deux rapports, l'un nommé OTViewIt.txt, et un autre nommé Extras qui sera sauvegardé sur ton bureau. Merci de me poster les deux rapports dans ta prochaine réponse.
  • Un rapport par message ! Merci.

    ;) 
    26 Août 2008 19:53:49

    salut!!!
    voici le 1er rapport



    OTViewIt logfile created on: 27/08/2008 18:43:46 - Run 1
    OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\r\Bureau
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    223,30 Mb Total Physical Memory | 135,32 Mb Available Physical Memory | 60,60% Memory free
    546,43 Mb Paging File | 331,70 Mb Available in Paging File | 60,70% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37,26 Gb Total Space | 24,42 Gb Free Space | 65,53% Space Free | Partition Type: NTFS
    Drive D: | 39,06 Gb Total Space | 24,64 Gb Free Space | 63,09% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: H-37B8E0089C404
    Current User Name: r
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: Current user

    ===== Processes - Non-Microsoft Only =====

    [06/12/2008 02:46 PM | 00,068,865 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    [03/07/2005 09:33 PM | 00,053,248 | R--- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\VTTimer.exe
    [03/11/2005 11:33 AM | 00,147,456 | R--- | M] (S3 Graphics Co., Ltd.) - C:\WINDOWS\system32\VTTrayp.exe
    [06/20/2005 03:42 PM | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
    [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    [06/12/2008 02:28 PM | 00,266,497 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    [08/07/2008 11:25 PM | 00,171,448 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    [08/23/2008 03:43 PM | 00,149,761 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    [08/27/2008 06:40 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\r\Bureau\OTViewIt.exe

    ===== Win32 Services - Non-Microsoft Only =====

    (AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Auto | Running]
    [06/12/2008 02:46 PM | 00,068,865 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    (AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Auto | Running]
    [08/23/2008 03:43 PM | 00,149,761 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    (dmadmin) Service d'administration du Gestionnaire de disque logique [On_Demand | Stopped]
    [08/04/2004 01:54 AM | 00,225,280 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

    (gusvc) Google Updater Service [On_Demand | Stopped]
    [08/07/2008 11:25 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    ===== Driver Services - Non-Microsoft Only =====

    (ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
    [06/20/2005 04:08 PM | 02,324,480 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

    (avgio) avgio [System | Running]
    [02/27/2007 03:25 PM | 00,011,840 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

    (avgntflt) avgntflt [On_Demand | Running]
    [05/20/2008 04:29 PM | 00,052,032 | ---- | M] (Avira GmbH) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

    (avipbb) avipbb [System | Running]
    [06/27/2008 03:03 PM | 00,075,072 | ---- | M] (Avira GmbH) - C:\WINDOWS\system32\drivers\avipbb.sys

    (CAM1690) USB 2.0 Compliance JPEG Video Camera [On_Demand | Running]
    [12/20/2006 04:33 PM | 00,121,088 | ---- | M] () - C:\WINDOWS\system32\drivers\cam1690.sys

    (catchme) catchme [On_Demand | Stopped]
    File not found - C:\DOCUME~1\r\LOCALS~1\Temp\catchme.sys

    (dmboot) dmboot [Disabled | Stopped]
    [08/04/2004 01:46 AM | 00,800,256 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

    (dmio) Pilote de Gestionnaire de disque logique [Boot | Running]
    [08/04/2004 01:46 AM | 00,154,496 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

    (dmload) dmload [Boot | Running]
    [10/02/2001 08:17 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

    (FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [On_Demand | Running]
    [08/17/2001 10:13 PM | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5.sys

    (MBAMSwissArmy) MBAMSwissArmy [On_Demand | Stopped]
    [07/30/2008 08:07 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    (NPF) Netgroup Packet Filter [On_Demand | Stopped]
    [06/29/2007 08:01 AM | 00,042,512 | ---- | M] (CACE Technologies) - C:\WINDOWS\system32\drivers\npf.sys

    (Ptilink) Pilote de liaison parallèle directe [On_Demand | Running]
    [10/02/2001 08:18 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

    (Secdrv) Secdrv [On_Demand | Stopped]
    [07/17/2004 12:36 PM | 00,027,440 | ---- | M] () - C:\WINDOWS\system32\drivers\secdrv.sys

    (ssmdrv) ssmdrv [System | Running]
    [03/01/2007 10:34 AM | 00,028,352 | ---- | M] (Avira GmbH) - C:\WINDOWS\system32\drivers\ssmdrv.sys

    (viagfx) viagfx [On_Demand | Running]
    [08/24/2005 07:08 AM | 00,237,312 | R--- | M] (Copyright (C) VIA/S3 Graphics Co, Ltd.) - C:\WINDOWS\system32\drivers\vtmini.sys

    (vsdatant) vsdatant [On_Demand | Stopped]
    File not found - C:\WINDOWS\system32\vsdatant.sys

    ===== Run Keys =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
    "avgnt" = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min [06/12/2008 02:28 PM | 00,266,497 | ---- | M] (Avira GmbH)
    "DrWebScheduler" = "C:\Program Files\DrWeb\DRWEBSCD.EXE" File not found
    "MSPY2002" = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [08/03/2004 11:31 PM | 00,059,392 | ---- | M] ()
    "SoundMan" = SOUNDMAN.EXE [06/20/2005 03:42 PM | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.)
    "SpIDerMail" = "C:\Program Files\DrWeb\spiderml.exe" File not found
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
    "VTTimer" = VTTimer.exe [03/07/2005 09:33 PM | 00,053,248 | R--- | M] (S3 Graphics, Inc.)
    "VTTrayp" = VTtrayp.exe [03/11/2005 11:33 AM | 00,147,456 | R--- | M] (S3 Graphics Co., Ltd.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = Reg Error: Value load does not exist or could not be read.
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg" = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [08/07/2008 11:25 PM | 00,171,448 | ---- | M] (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    ===== Startup Folders =====

    [All Users Startup Folder - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

    [r Startup Folder - C:\Documents and Settings\r\Menu Démarrer\Programmes\Démarrage]

    ===== BHO's =====

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:56 PM | 02,436,160 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

    ===== Toolbars =====

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    HKLM CLSID: (&Google) - [01/19/2007 11:56 PM | 02,436,160 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    HKLM CLSID: (&Google) - [01/19/2007 11:56 PM | 02,436,160 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

    "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    ===== Policies =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    Unable to open key or key not present!


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername" = 0
    "legalnoticecaption" =
    "legalnoticetext" =
    "shutdownwithoutlogon" = 1
    "undockwithoutlogon" = 1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!


    ===== Desktop Components =====

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "FriendlyName" = "Ma page d'accueil"
    "Source" = "About:Home"
    "SubscribedURL" = "About:Home"

    ===== Shared Task Scheduler =====

    ===== AppInit_Dlls =====

    ===== Lsa Authentication Packages =====

    ===== Lsa Security Packages =====

    ===== Authorized Applications List =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 01:55 AM | 00,142,336 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:55 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 01:55 AM | 00,142,336 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:55 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Valve\CStrike_1.6\hl.exe" = C:\Program Files\Valve\CStrike_1.6\hl.exe [07/16/2004 02:58 PM | 00,081,920 | ---- | M] (Valve)
    "C:\Program Files\Gizmo5\mDNSResponder.exe" = C:\Program Files\Gizmo5\mDNSResponder.exe File not found
    "C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe File not found
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [07/23/2008 02:11 PM | 21,738,792 | R--- | M] (Skype Technologies S.A.)

    ===== HKLM Winlogon Settings =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
    "Explorer.exe" - [08/04/2004 01:54 AM | 01,036,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
    "C:\WINDOWS\system32\userinit.exe" - [08/04/2004 01:55 AM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
    "logonui.exe" - [08/04/2004 01:54 AM | 00,515,584 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
    "rundll32 shell32" - [08/04/2004 01:54 AM | 08,440,320 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    "Control_RunDLL "sysdm.cpl"" - [08/04/2004 01:55 AM | 00,305,152 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

    ===== User's Winlogon Settings =====

    ===== Winlogon Notify Settings =====

    ===== Safeboot Options =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell" = cmd.exe

    ===== Disabled MsConfig Items =====
    Unable to open key or key not present!


    ===== DNS Name Servers =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3E745589-300A-4259-962D-D08BAD7F3ED4}]
    Servers: | Description:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D53C28C2-0AD6-4317-8C9E-F10244BF3B2A}]
    Servers: | Description: Carte VIA PCI 10/100Mo Fast Ethernet

    ===== CDRom AutoRun Settings =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ===== Autorun Files on Drives =====

    AUTOEXEC.BAT []
    [08/07/2008 09:29 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

    autorun.inf []
    [07/20/2008 02:16 AM | RHSD | M] D:\autorun.inf [ NTFS ]

    ===== MountPoints2 =====

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce4c629-64b8-11dd-891e-0016ec52cb06}\Shell]
    "" = None

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce4c629-64b8-11dd-891e-0016ec52cb06}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [08/04/2004 01:54 AM | 08,440,320 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce4c629-64b8-11dd-891e-0016ec52cb06}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a827bb-6625-11dd-8932-0016ec52cb06}\Shell]
    "" = None

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a827bb-6625-11dd-8932-0016ec52cb06}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [08/04/2004 01:54 AM | 08,440,320 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a827bb-6625-11dd-8932-0016ec52cb06}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    ===== Hosts File =====

    HOSTS File = (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1 localhost



    [Files/Folders - Created Within 30 days]
    [08/07/2008 09:21 PM | 00,000,212 | -HS- | C] () - C:\boot.ini
    [08/07/2008 09:29 PM | 00,000,000 | ---- | C] () - C:\AUTOEXEC.BAT
    [08/07/2008 09:29 PM | 00,000,000 | ---- | C] () - C:\CONFIG.SYS
    [08/07/2008 09:29 PM | 00,000,000 | RHS- | C] () - C:\IO.SYS
    [08/07/2008 09:29 PM | 00,000,000 | RHS- | C] () - C:\MSDOS.SYS
    [08/07/2008 09:34 PM | -HSD | C] - C:\System Volume Information
    [08/07/2008 10:39 PM | -HSD | C] - C:\RECYCLER
    [08/07/2008 11:17 PM | 00,000,244 | -H-- | C] () - C:\sqmnoopt00.sqm
    [08/07/2008 11:17 PM | 00,000,268 | -H-- | C] () - C:\sqmdata00.sqm
    [08/09/2008 03:18 PM | ---D | C] - C:\Anuman Interactive
    [08/09/2008 04:29 PM | ---D | C] - C:\PMAIL
    [08/12/2008 01:30 AM | ---D | C] - C:\Y.D.T
    [08/17/2008 12:06 AM | ---D | C] - C:\Temp
    [08/20/2008 05:01 PM | ---D | C] - C:\Documents and Settings
    [08/21/2008 02:58 AM | ---D | C] - C:\ToolBar SD
    [08/21/2008 08:44 PM | ---D | C] - C:\_OTMoveIt
    [08/27/2008 05:03 PM | R--D | C] - C:\Program Files
    [08/27/2008 06:34 PM | ---D | C] - C:\WINDOWS
    [05/14/2002 01:08 PM | 00,094,208 | ---- | C] () - C:\WINDOWS\System32\dllcache\fpencode.dll
    [07/17/2004 12:45 PM | 00,007,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [07/17/2004 12:48 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_28603.nls
    [08/03/2004 11:31 PM | 00,059,392 | ---- | C] () - C:\WINDOWS\System32\dllcache\imscinst.exe
    [08/03/2004 11:31 PM | 00,173,568 | ---- | C] () - C:\WINDOWS\System32\dllcache\chtskf.dll
    [08/03/2004 11:31 PM | 00,175,104 | ---- | C] () - C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [08/03/2004 11:31 PM | 00,196,665 | ---- | C] () - C:\WINDOWS\System32\dllcache\imjpinst.exe
    [08/04/2004 01:54 AM | 00,004,639 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.exe
    [08/04/2004 01:54 AM | 00,032,768 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\isrdbg32.dll
    [08/04/2004 01:54 AM | 00,381,952 | ---- | C] () - C:\WINDOWS\System32\dllcache\msinfo.dll
    [08/04/2004 01:55 AM | 00,284,160 | ---- | C] (Cinematronics) - C:\WINDOWS\System32\dllcache\pinball.exe
    [08/04/2004 02:43 AM | 00,009,581 | ---- | C] () - C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [08/04/2004 02:43 AM | 00,030,983 | ---- | C] () - C:\WINDOWS\System32\dllcache\FP4.CAT
    [08/04/2004 02:43 AM | 01,086,058 | ---- | C] () - C:\WINDOWS\System32\dllcache\NTPRINT.CAT
    [08/04/2004 02:45 AM | 00,011,651 | ---- | C] () - C:\WINDOWS\System32\dllcache\msn9.cat
    [08/04/2004 02:45 AM | 00,014,043 | ---- | C] () - C:\WINDOWS\System32\dllcache\IMS.CAT
    [08/04/2004 02:45 AM | 00,031,965 | ---- | C] () - C:\WINDOWS\System32\dllcache\mediactr.cat
    [08/04/2004 02:45 AM | 01,897,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\NT5.CAT
    [08/04/2004 02:46 AM | 00,007,245 | ---- | C] () - C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [08/04/2004 02:46 AM | 00,019,569 | ---- | C] () - C:\WINDOWS\System32\dllcache\msn7.cat
    [08/04/2004 02:46 AM | 00,141,702 | ---- | C] () - C:\WINDOWS\System32\dllcache\netfx.cat
    [08/04/2004 02:46 AM | 00,623,110 | ---- | C] () - C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [08/04/2004 02:52 AM | 00,103,124 | ---- | C] () - C:\WINDOWS\System32\dllcache\tabletpc.cat
    [08/04/2004 02:52 AM | 01,014,836 | ---- | C] () - C:\WINDOWS\System32\dllcache\SP2.CAT
    [08/23/2001 02:00 PM | 00,007,382 | ---- | C] () - C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [10/02/2001 08:16 PM | 00,108,827 | ---- | C] () - C:\WINDOWS\System32\dllcache\hanja.lex
    [10/02/2001 08:16 PM | 00,134,339 | ---- | C] () - C:\WINDOWS\System32\dllcache\imekr.lex
    [10/02/2001 08:16 PM | 01,158,818 | ---- | C] () - C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [10/02/2001 08:16 PM | 13,463,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [10/02/2001 08:17 PM | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esucmd.dll
    [10/02/2001 08:17 PM | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esunid.dll
    [10/02/2001 08:17 PM | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) - C:\WINDOWS\System32\dllcache\cap7146.sys
    [10/02/2001 08:17 PM | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\dllcache\esuimgd.dll
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10004.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10005.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10006.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10007.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10010.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10017.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10021.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10029.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10081.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10082.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1047.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1140.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1141.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1142.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1143.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1144.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1145.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1146.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1147.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1148.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1149.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20105.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20106.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20107.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20108.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20127.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20269.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20273.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20277.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20278.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20280.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20284.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20285.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20290.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20297.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20420.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20423.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20424.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20833.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20838.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20871.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20880.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20924.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_21025.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_21027.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_28594.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_28595.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_28596.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_28597.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_28599.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_708.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_870.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_875.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_720.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_737.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_852.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_855.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_857.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_858.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_862.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_864.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_866.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_869.nls
    [10/02/2001 08:17 PM | 00,066,728 | ---- | C] () - C:\WINDOWS\System32\dllcache\big5.nls
    [10/02/2001 08:17 PM | 00,082,172 | ---- | C] () - C:\WINDOWS\System32\dllcache\bopomofo.nls
    [10/02/2001 08:17 PM | 00,086,044 | ---- | C] (Digi International) - C:\WINDOWS\System32\dllcache\dgsetup.dll
    [10/02/2001 08:17 PM | 00,103,424 | ---- | C] (Equinox Systems Inc.) - C:\WINDOWS\System32\dllcache\eqnclass.dll
    [10/02/2001 08:17 PM | 00,162,850 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10001.nls
    [10/02/2001 08:17 PM | 00,173,602 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10008.nls
    [10/02/2001 08:17 PM | 00,173,602 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20002.nls
    [10/02/2001 08:17 PM | 00,173,602 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20936.nls
    [10/02/2001 08:17 PM | 00,176,157 | ---- | C] (Digi International, Inc.) - C:\WINDOWS\System32\dllcache\dgrpsetu.dll
    [10/02/2001 08:17 PM | 00,177,698 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10003.nls
    [10/02/2001 08:17 PM | 00,177,698 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20949.nls
    [10/02/2001 08:17 PM | 00,180,258 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20000.nls
    [10/02/2001 08:17 PM | 00,180,258 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20004.nls
    [10/02/2001 08:17 PM | 00,180,770 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20932.nls
    [10/02/2001 08:17 PM | 00,185,378 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20003.nls
    [10/02/2001 08:17 PM | 00,186,402 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20001.nls
    [10/02/2001 08:17 PM | 00,187,938 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_20005.nls
    [10/02/2001 08:17 PM | 00,189,986 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_1361.nls
    [10/02/2001 08:17 PM | 00,195,618 | ---- | C] () - C:\WINDOWS\System32\dllcache\c_10002.nls
    [10/02/2001 08:18 PM | 00,008,599 | ---- | C] () - C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [10/02/2001 08:18 PM | 00,013,312 | ---- | C] (Hilgraeve, Inc.) - C:\WINDOWS\System32\dllcache\htrn_jis.dll
    [10/02/2001 08:18 PM | 00,013,497 | ---- | C] () - C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [10/02/2001 08:18 PM | 00,037,509 | ---- | C] () - C:\WINDOWS\System32\dllcache\MW770.CAT
    [10/02/2001 08:18 PM | 00,047,066 | ---- | C] () - C:\WINDOWS\System32\dllcache\ksc.nls
    [10/02/2001 08:18 PM | 00,083,748 | ---- | C] () - C:\WINDOWS\System32\dllcache\prc.nls
    [10/02/2001 08:18 PM | 00,083,748 | ---- | C] () - C:\WINDOWS\System32\dllcache\prcp.nls
    [10/02/2001 08:18 PM | 00,399,670 | ---- | C] () - C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [10/02/2001 08:18 PM | 00,605,050 | ---- | C] () - C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [10/02/2001 08:18 PM | 00,643,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [10/02/2001 08:18 PM | 00,809,394 | ---- | C] () - C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [10/02/2001 08:18 PM | 04,399,505 | ---- | C] () - C:\WINDOWS\System32\dllcache\nls302en.lex
    [10/02/2001 08:19 PM | 00,000,888 | ---- | C] () - C:\WINDOWS\System32\dllcache\sam.sdf
    [10/02/2001 08:19 PM | 00,000,984 | ---- | C] () - C:\WINDOWS\System32\dllcache\srframe.mmf
    [10/02/2001 08:19 PM | 00,024,661 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\dllcache\spxcoins.dll
    [10/02/2001 08:19 PM | 00,026,624 | ---- | C] (RICOH Co., Ltd.) - C:\WINDOWS\System32\dllcache\rw330ext.dll
    [10/02/2001 08:19 PM | 00,028,288 | ---- | C] () - C:\WINDOWS\System32\dllcache\xjis.nls
    [10/02/2001 08:19 PM | 00,081,408 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia001.dll
    [10/02/2001 08:19 PM | 00,081,408 | ---- | C] (Ricoh Co., Ltd.) - C:\WINDOWS\System32\dllcache\rwia330.dll
    [10/02/2001 08:19 PM | 01,685,606 | ---- | C] () - C:\WINDOWS\System32\dllcache\sam.spd
    [10/02/2001 08:18 PM | 00,000,790 | ---- | C] () - C:\WINDOWS\System32\drivers\etc\hosts.msn
    [01/21/2008 06:11 PM | 00,022,336 | ---- | C] (Avira GmbH) - C:\WINDOWS\System32\drivers\avgntmgr.sys
    [03/01/2007 10:34 AM | 00,028,352 | ---- | C] (Avira GmbH) - C:\WINDOWS\System32\drivers\ssmdrv.sys
    [05/09/2008 01:15 PM | 00,045,376 | ---- | C] (Avira GmbH) - C:\WINDOWS\System32\drivers\avgntdd.sys
    [06/20/2005 04:08 PM | 02,324,480 | R--- | C] (Realtek Semiconductor Corp.) - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
    [06/27/2008 03:03 PM | 00,075,072 | ---- | C] (Avira GmbH) - C:\WINDOWS\System32\drivers\avipbb.sys
    [06/29/2007 08:01 AM | 00,042,512 | ---- | C] (CACE Technologies) - C:\WINDOWS\System32\drivers\npf.sys
    [07/30/2008 08:07 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
    [07/30/2008 08:07 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\drivers\disdn
    [08/07/2008 11:04 PM | ---D | C] - C:\WINDOWS\System32\drivers\etc
    [08/17/2001 10:13 PM | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) - C:\WINDOWS\System32\drivers\fetnd5.sys
    [08/24/2005 07:08 AM | 00,237,312 | R--- | C] (Copyright (C) VIA/S3 Graphics Co, Ltd.) - C:\WINDOWS\System32\drivers\vtmini.sys
    [1 C:\WINDOWS\System32\*.tmp files]
    [01/09/2007 06:46 PM | 00,010,752 | ---- | C] () - C:\WINDOWS\System32\ff_vfw.dll
    [01/11/2005 01:27 AM | 00,034,954 | R--- | C] () - C:\WINDOWS\System32\VTTrayP2.cfg
    [01/11/2005 01:27 AM | 00,047,889 | R--- | C] () - C:\WINDOWS\System32\VTTrayp.cfg
    [01/11/2005 12:34 AM | 00,035,496 | R--- | C] () - C:\WINDOWS\System32\VTGama_2.cfg
    [01/11/2005 12:34 AM | 00,048,406 | R--- | C] () - C:\WINDOWS\System32\VTGamma2.cfg
    [02/05/2002 07:54 AM | 00,141,016 | R--- | C] () - C:\WINDOWS\System32\ALSNDMGR.WAV
    [02/24/2005 06:56 PM | 00,000,547 | ---- | C] () - C:\WINDOWS\System32\ff_vfw.dll.manifest
    [03/07/2005 09:33 PM | 00,053,248 | R--- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\VTTimer.exe
    [03/11/2005 11:33 AM | 00,147,456 | R--- | C] (S3 Graphics Co., Ltd.) - C:\WINDOWS\System32\VTTrayp.exe
    [03/11/2005 11:36 AM | 00,397,312 | R--- | C] (S3 Graphics Co., Ltd.) - C:\WINDOWS\System32\VTovrlay.dll
    [03/11/2005 11:43 AM | 00,262,144 | R--- | C] (S3 Graphics Co., Ltd.) - C:\WINDOWS\System32\VTInfo2.dll
    [03/11/2005 11:45 AM | 00,360,448 | R--- | C] (S3 Graphics Co., Ltd.) - C:\WINDOWS\System32\VTGamma2.dll
    [05/23/2005 08:36 PM | 00,052,037 | R--- | C] () - C:\WINDOWS\System32\VTDispl3.cfg
    [05/23/2005 08:36 PM | 00,056,619 | R--- | C] () - C:\WINDOWS\System32\VTDispl2.cfg
    [05/23/2005 08:36 PM | 00,063,489 | R--- | C] () - C:\WINDOWS\System32\VTDisply.cfg
    [05/23/2005 08:36 PM | 00,581,632 | R--- | C] (S3 Graphics Co., Ltd.) - C:\WINDOWS\System32\VTDisply.dll
    [06/10/2003 12:01 AM | 00,062,536 | ---- | C] (Zone Labs Inc.) - C:\WINDOWS\System32\vsdata.dll
    [06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
    [06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
    [06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
    [06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
    [06/20/2005 03:39 PM | 09,410,048 | R--- | C] (Realtek Semiconductor Corp.) - C:\WINDOWS\System32\RTLCPL.EXE
    [06/21/2005 04:09 AM | 18,751,488 | R--- | C] (Realtek Semiconductor Corp.) - C:\WINDOWS\System32\ALSNDMGR.CPL
    [06/29/2007 08:01 AM | 00,053,299 | ---- | C] () - C:\WINDOWS\System32\pthreadVC.dll
    [06/29/2007 08:01 AM | 00,068,224 | ---- | C] (CACE Technologies) - C:\WINDOWS\System32\WanPacket.dll
    [06/29/2007 08:01 AM | 00,088,704 | ---- | C] (CACE Technologies) - C:\WINDOWS\System32\Packet.dll
    [06/29/2007 08:01 AM | 00,240,240 | ---- | C] (CACE Technologies) - C:\WINDOWS\System32\wpcap.dll
    [07/17/2004 12:48 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_28603.nls
    [08/04/2004 01:54 AM | 00,032,768 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\isrdbg32.dll
    [08/04/2004 01:54 AM | 00,352,256 | ---- | C] (Hilgraeve, Inc.) - C:\WINDOWS\System32\hypertrm.dll
    [08/07/2008 09:22 PM | ---D | C] - C:\WINDOWS\System32\spool
    [08/07/2008 09:24 PM | 00,021,892 | ---- | C] () - C:\WINDOWS\System32\emptyregdb.dat
    [08/07/2008 09:24 PM | ---D | C] - C:\WINDOWS\System32\MsDtc
    [08/07/2008 09:27 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\System32\cdplayer.exe.manifest
    [08/07/2008 09:27 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\System32\ncpa.cpl.manifest
    [08/07/2008 09:27 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\System32\nwc.cpl.manifest
    [08/07/2008 09:27 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\System32\sapi.cpl.manifest
    [08/07/2008 09:27 PM | ---D | C] - C:\WINDOWS\System32\DirectX
    [08/07/2008 09:27 PM | ---D | C] - C:\WINDOWS\System32\oobe
    [08/07/2008 09:28 PM | 00,000,488 | RH-- | C] () - C:\WINDOWS\System32\logonui.exe.manifest
    [08/07/2008 09:28 PM | 00,000,488 | RH-- | C] () - C:\WINDOWS\System32\WindowsLogon.manifest
    [08/07/2008 09:29 PM | 00,003,072 | ---- | C] () - C:\WINDOWS\System32\CONFIG.NT
    [08/07/2008 09:29 PM | 00,016,832 | ---- | C] () - C:\WINDOWS\System32\amcompat.tlb
    [08/07/2008 09:29 PM | 00,023,392 | ---- | C] () - C:\WINDOWS\System32\nscompat.tlb
    [08/07/2008 09:29 PM | ---D | C] - C:\WINDOWS\System32\ias
    [08/07/2008 09:30 PM | ---D | C] - C:\WINDOWS\System32\wbem
    [08/07/2008 09:30 PM | ---D | C] - C:\WINDOWS\System32\xircom
    [08/07/2008 09:33 PM | 00,000,261 | ---- | C] () - C:\WINDOWS\System32\$winnt$.inf
    [08/07/2008 09:34 PM | ---D | C] - C:\WINDOWS\System32\config
    [08/07/2008 09:34 PM | ---D | C] - C:\WINDOWS\System32\Restore
    [08/07/2008 09:34 PM | --SD | C] - C:\WINDOWS\System32\Microsoft
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1025
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1028
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1031
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1037
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1041
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1042
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\1054
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\2052
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\3076
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\3com_dmi
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\dhcp
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\export
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\IME
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\inetsrv
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\mui
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\ShellExt
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\System32\wins
    [08/07/2008 11:04 PM | ---D | C] - C:\WINDOWS\System32\1036
    [08/07/2008 11:04 PM | ---D | C] - C:\WINDOWS\System32\icsxml
    [08/07/2008 11:04 PM | ---D | C] - C:\WINDOWS\System32\ras
    [08/07/2008 11:10 PM | ---D | C] - C:\WINDOWS\System32\npp
    [08/07/2008 11:11 PM | ---D | C] - C:\WINDOWS\System32\Setup
    [08/07/2008 11:11 PM | ---D | C] - C:\WINDOWS\System32\usmt
    [08/07/2008 11:15 PM | ---D | C] - C:\WINDOWS\System32\DRVSTORE
    [08/08/2008 01:50 AM | ---D | C] - C:\WINDOWS\System32\Macromed
    [08/09/2008 07:55 PM | ---D | C] - C:\WINDOWS\System32\1033
    [08/09/2008 07:55 PM | ---D | C] - C:\WINDOWS\System32\Com
    [08/09/2008 12:47 AM | ---D | C] - C:\WINDOWS\System32\appmgmt
    [08/10/2008 05:04 PM | ---D | C] - C:\WINDOWS\System32\SoftwareDistribution
    [08/11/2008 03:01 AM | ---D | C] - C:\WINDOWS\System32\PreInstall
    [08/12/2008 01:30 AM | 00,000,305 | ---- | C] () - C:\WINDOWS\System32\treeinfo.dat
    [08/16/2008 05:06 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\Infoa.dat
    [08/16/2008 05:06 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\Infob.dat
    [08/17/2008 01:03 AM | 00,196,160 | ---- | C] () - C:\WINDOWS\System32\FNTCACHE.DAT
    [08/17/2008 11:10 PM | 00,878,130 | ---- | C] () - C:\WINDOWS\System32\PerfStringBackup.INI
    [08/23/2005 10:42 PM | 00,025,600 | R--- | C] (VIA) - C:\WINDOWS\System32\VModes.exe
    [08/23/2008 03:41 PM | ---D | C] - C:\WINDOWS\System32\drivers
    [08/23/2008 09:09 PM | RHSD | C] - C:\WINDOWS\System32\dllcache
    [08/23/2008 12:13 PM | 00,077,824 | ---- | C] (Doctor Web, Ltd.) - C:\WINDOWS\System32\DRWEBSP.DLL
    [08/24/2005 07:08 AM | 03,495,808 | R--- | C] (VIA/S3 Graphics Co, Ltd.) - C:\WINDOWS\System32\vtdisp.dll
    [08/24/2005 07:16 AM | 01,875,968 | R--- | C] (VIA/S3 Graphics, Inc.) - C:\WINDOWS\System32\vticd.dll
    [08/25/2008 11:54 AM | ---D | C] - C:\WINDOWS\System32\CatRoot
    [08/25/2008 11:54 AM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
    [08/27/2008 05:26 PM | ---D | C] - C:\WINDOWS\System32\CatRoot2
    [09/07/2004 08:23 AM | 00,156,672 | R--- | C] () - C:\WINDOWS\System32\RTLCPAPI.dll
    [10/02/2001 08:16 PM | 00,000,520 | ---- | C] () - C:\WINDOWS\System32\dayiphr.tbl
    [10/02/2001 08:16 PM | 00,000,700 | ---- | C] () - C:\WINDOWS\System32\dayiptr.tbl
    [10/02/2001 08:16 PM | 00,001,460 | ---- | C] () - C:\WINDOWS\System32\a15.tbl
    [10/02/2001 08:16 PM | 00,001,486 | ---- | C] () - C:\WINDOWS\System32\noise.kor
    [10/02/2001 08:16 PM | 00,002,060 | ---- | C] () - C:\WINDOWS\System32\noise.jpn
    [10/02/2001 08:16 PM | 00,002,714 | ---- | C] () - C:\WINDOWS\System32\phonptr.tbl
    [10/02/2001 08:16 PM | 00,004,071 | ---- | C] () - C:\WINDOWS\System32\phon.tbl
    [10/02/2001 08:16 PM | 00,014,821 | ---- | C] () - C:\WINDOWS\System32\PINTLPAD.HLP
    [10/02/2001 08:16 PM | 00,016,254 | ---- | C] () - C:\WINDOWS\System32\PINTLPAE.HLP
    [10/02/2001 08:16 PM | 00,016,312 | ---- | C] () - C:\WINDOWS\System32\arptr.tbl
    [10/02/2001 08:16 PM | 00,018,600 | ---- | C] () - C:\WINDOWS\System32\arrayhw.tab
    [10/02/2001 08:16 PM | 00,024,114 | ---- | C] () - C:\WINDOWS\System32\lcptr.tbl
    [10/02/2001 08:16 PM | 00,043,242 | ---- | C] () - C:\WINDOWS\System32\phoncode.tbl
    [10/02/2001 08:16 PM | 00,044,370 | ---- | C] () - C:\WINDOWS\System32\a234.tbl
    [10/02/2001 08:16 PM | 00,044,370 | ---- | C] () - C:\WINDOWS\System32\acode.tbl
    [10/02/2001 08:16 PM | 00,110,566 | ---- | C] () - C:\WINDOWS\System32\arphr.tbl
    [10/02/2001 08:16 PM | 00,116,285 | ---- | C] () - C:\WINDOWS\System32\msdayi.tbl
    [10/02/2001 08:16 PM | 00,146,126 | ---- | C] () - C:\WINDOWS\System32\array30.tab
    [10/02/2001 08:16 PM | 00,211,938 | ---- | C] () - C:\WINDOWS\System32\lcphrase.tbl
    [10/02/2001 08:16 PM | 01,158,818 | ---- | C] () - C:\WINDOWS\System32\korwbrkr.lex
    [10/02/2001 08:17 PM | 00,001,896 | ---- | C] () - C:\WINDOWS\System32\AUTOEXEC.NT
    [10/02/2001 08:17 PM | 00,022,984 | ---- | C] () - C:\WINDOWS\System32\bopomofo.uce
    [10/02/2001 08:17 PM | 00,024,006 | ---- | C] () - C:\WINDOWS\System32\gb2312.uce
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10004.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10005.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10006.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10007.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10010.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10017.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10021.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10029.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10081.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_10082.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_20127.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_20290.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_21027.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28594.NLS
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28595.NLS
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28596.NLS
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28597.NLS
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_28599.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_708.nls
    [10/02/2001 08:17 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\c_875.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_720.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_737.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_852.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_855.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_857.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_862.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_864.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_866.nls
    [10/02/2001 08:17 PM | 00,066,594 | ---- | C] () - C:\WINDOWS\System32\c_869.nls
    [10/02/2001 08:17 PM | 00,066,728 | ---- | C] () - C:\WINDOWS\System32\big5.nls
    [10/02/2001 08:17 PM | 00,082,172 | ---- | C] () - C:\WINDOWS\System32\bopomofo.nls
    [10/02/2001 08:17 PM | 00,086,044 | ---- | C] (Digi International) - C:\WINDOWS\System32\dgsetup.dll
    [10/02/2001 08:17 PM | 00,103,424 | ---- | C] (Equinox Systems Inc.) - C:\WINDOWS\System32\EqnClass.Dll
    [10/02/2001 08:17 PM | 00,162,850 | ---- | C] () - C:\WINDOWS\System32\c_10001.nls
    [10/02/2001 08:17 PM | 00,173,602 | ---- | C] () - C:\WINDOWS\System32\c_10008.nls
    [10/02/2001 08:17 PM | 00,173,602 | ---- | C] () - C:\WINDOWS\System32\c_20936.nls
    [10/02/2001 08:17 PM | 00,176,157 | ---- | C] (Digi International, Inc.) - C:\WINDOWS\System32\dgrpsetu.dll
    [10/02/2001 08:17 PM | 00,177,698 | ---- | C] () - C:\WINDOWS\System32\c_10003.nls
    [10/02/2001 08:17 PM | 00,177,698 | ---- | C] () - C:\WINDOWS\System32\c_20949.nls
    [10/02/2001 08:17 PM | 00,180,258 | ---- | C] () - C:\WINDOWS\System32\c_20000.nls
    [10/02/2001 08:17 PM | 00,180,770 | ---- | C] () - C:\WINDOWS\System32\c_20932.nls
    [10/02/2001 08:17 PM | 00,189,986 | ---- | C] () - C:\WINDOWS\System32\c_1361.nls
    [10/02/2001 08:17 PM | 00,195,618 | ---- | C] () - C:\WINDOWS\System32\c_10002.nls
    [10/02/2001 08:17 PM | 01,223,500 | ---- | C] () - C:\WINDOWS\System32\WINZM.MB
    [10/02/2001 08:17 PM | 01,564,868 | ---- | C] () - C:\WINDOWS\System32\WINSP.MB
    [10/02/2001 08:17 PM | 01,783,864 | ---- | C] () - C:\WINDOWS\System32\WINPY.MB
    [10/02/2001 08:18 PM | 00,000,768 | ---- | C] () - C:\WINDOWS\System32\msdtcprf.h
    [10/02/2001 08:18 PM | 00,003,914 | ---- | C] () - C:\WINDOWS\System32\msdtcprf.ini
    [10/02/2001 08:18 PM | 00,006,948 | ---- | C] () - C:\WINDOWS\System32\kanji_1.uce
    [10/02/2001 08:18 PM | 00,008,484 | ---- | C] () - C:\WINDOWS\System32\kanji_2.uce
    [10/02/2001 08:18 PM | 00,012,876 | ---- | C] () - C:\WINDOWS\System32\korean.uce
    [10/02/2001 08:18 PM | 00,044,544 | ---- | C] (Hilgraeve, Inc.) - C:\WINDOWS\System32\hticons.dll
    [10/02/2001 08:18 PM | 00,047,066 | ---- | C] () - C:\WINDOWS\System32\ksc.nls
    [10/02/2001 08:18 PM | 00,060,458 | ---- | C] () - C:\WINDOWS\System32\ideograf.uce
    [10/02/2001 08:18 PM | 00,083,748 | ---- | C] () - C:\WINDOWS\System32\prc.nls
    [10/02/2001 08:18 PM | 00,083,748 | ---- | C] () - C:\WINDOWS\System32\prcp.nls
    [10/02/2001 08:19 PM | 00,000,002 | ---- | C] () - C:\WINDOWS\System32\desktop.ini
    [10/02/2001 08:19 PM | 00,001,263 | ---- | C] () - C:\WINDOWS\System32\usrlogon.cmd
    [10/02/2001 08:19 PM | 00,003,286 | ---- | C] () - C:\WINDOWS\System32\tslabels.h
    [10/02/2001 08:19 PM | 00,016,740 | ---- | C] () - C:\WINDOWS\System32\shiftjis.uce
    [10/02/2001 08:19 PM | 00,024,661 | ---- | C] (Perle Systems Ltd.) - C:\WINDOWS\System32\spxcoins.dll
    [10/02/2001 08:19 PM | 00,027,768 | ---- | C] () - C:\WINDOWS\System32\tslabels.ini
    [10/02/2001 08:19 PM | 00,028,288 | ---- | C] () - C:\WINDOWS\System32\xjis.nls
    [10/02/2001 08:19 PM | 00,063,488 | ---- | C] () - C:\WINDOWS\System32\wmimgmt.msc
    [10/02/2001 08:19 PM | 00,093,702 | ---- | C] () - C:\WINDOWS\System32\subrange.uce
    [10/08/2004 12:21 AM | 00,033,451 | R--- | C] () - C:\WINDOWS\System32\VTOvrly2.cfg
    [10/08/2004 12:21 AM | 00,060,337 | R--- | C] () - C:\WINDOWS\System32\VTovrlay.cfg
    [12/07/2004 08:12 PM | 00,044,076 | R--- | C] () - C:\WINDOWS\System32\VTInfo2.cfg
    [3 C:\WINDOWS\*.tmp files]
    [04/18/2005 01:49 PM | 00,057,344 | ---- | C] (Webroot Software, Inc.) - C:\WINDOWS\Unwash6.exe
    [06/20/2005 03:42 PM | 00,077,824 | R--- | C] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
    [08/02/2008 05:38 PM | 00,000,025 | -H-- | C] () - C:\WINDOWS\qtf.dat
    [08/07/2008 09:23 PM | ---D | C] - C:\WINDOWS\Cursors
    [08/07/2008 09:24 PM | 00,000,036 | ---- | C] () - C:\WINDOWS\vb.ini
    [08/07/2008 09:24 PM | 00,000,037 | ---- | C] () - C:\WINDOWS\vbaddin.ini
    [08/07/2008 09:27 PM | 00,000,749 | RH-- | C] () - C:\WINDOWS\WindowsShell.Manifest
    [08/07/2008 09:27 PM | ---D | C] - C:\WINDOWS\srchasst
    [08/07/2008 09:28 PM | R--D | C] - C:\WINDOWS\Offline Web Pages
    [08/07/2008 09:28 PM | R--D | C] - C:\WINDOWS\Web
    [08/07/2008 09:29 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\control.ini
    [08/07/2008 09:29 PM | 00,004,205 | ---- | C] () - C:\WINDOWS\ODBCINST.INI
    [08/07/2008 09:29 PM | ---D | C] - C:\WINDOWS\Registration
    [08/07/2008 09:30 PM | ---D | C] - C:\WINDOWS\ime
    [08/07/2008 09:34 PM | 00,008,192 | ---- | C] () - C:\WINDOWS\REGLOCS.OLD
    [08/07/2008 09:34 PM | --SD | C] - C:\WINDOWS\Tasks
    [08/07/2008 09:39 PM | ---D | C] - C:\WINDOWS\security
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\Config
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\Connection Wizard
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\Driver Cache
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\java
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\msapps
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\mui
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\Provisioning
    [08/07/2008 11:02 PM | ---D | C] - C:\WINDOWS\Resources
    [08/07/2008 11:04 PM | ---D | C] - C:\WINDOWS\twain_32
    [08/07/2008 11:10 PM | ---D | C] - C:\WINDOWS\msagent
    [08/07/2008 11:11 PM | ---D | C] - C:\WINDOWS\ehome
    [08/07/2008 11:11 PM | ---D | C] - C:\WINDOWS\Media
    [08/07/2008 11:14 PM | ---D | C] - C:\WINDOWS\pchealth
    [08/08/2008 01:00 AM | --SD | C] - C:\WINDOWS\Downloaded Program Files
    [08/08/2008 05:44 PM | ---D | C] - C:\WINDOWS\Internet Logs
    [08/09/2008 07:52 PM | ---D | C] - C:\WINDOWS\system
    [08/09/2008 07:53 PM | ---D | C] - C:\WINDOWS\PeerNet
    [08/09/2008 08:01 PM | ---D | C] - C:\WINDOWS\repair
    [08/09/2008 08:18 PM | 00,000,050 | ---- | C] () - C:\WINDOWS\PDF2HTML.INI
    [08/09/2008 12:30 PM | ---D | C] - C:\WINDOWS\ShellNew
    [08/09/2008 12:33 PM | 00,000,385 | ---- | C] () - C:\WINDOWS\ODBC.INI
    [08/10/2008 05:04 PM | ---D | C] - C:\WINDOWS\SoftwareDistribution
    [08/11/2008 08:52 PM | 00,000,045 | ---- | C] () - C:\WINDOWS\iltwain.ini
    [08/16/2008 08:44 PM | R-SD | C] - C:\WINDOWS\Fonts
    [08/17/2008 04:51 PM | ---D | C] - C:\WINDOWS\AppPatch
    [08/17/2008 07:42 PM | 00,316,640 | ---- | C] () - C:\WINDOWS\WMSysPr9.prx
    [08/17/2008 11:05 PM | ---D | C] - C:\WINDOWS\WinSxS
    [08/18/2008 12:31 AM | ---D | C] - C:\WINDOWS\Microsoft.NET
    [08/18/2008 12:33 AM | R-SD | C] - C:\WINDOWS\assembly
    [08/23/2008 03:58 PM | ---D | C] - C:\WINDOWS\Help
    [08/23/2008 09:25 PM | ---D | C] - C:\WINDOWS\Debug
    [08/23/2008 11:13 AM | -HSD | C] - C:\WINDOWS\Installer
    [08/25/2008 11:53 AM | -H-D | C] - C:\WINDOWS\inf
    [08/27/2008 04:57 PM | ---D | C] - C:\WINDOWS\system32
    [08/27/2008 06:21 PM | 00,002,048 | --S- | C] () - C:\WINDOWS\bootstat.dat
    [08/27/2008 06:23 PM | ---D | C] - C:\WINDOWS\Temp
    [08/27/2008 06:34 PM | ---D | C] - C:\WINDOWS\Sun
    [08/27/2008 06:43 PM | ---D | C] - C:\WINDOWS\Prefetch
    [10/02/2001 08:17 PM | 00,001,272 | ---- | C] () - C:\WINDOWS\Rosace bleue 16.bmp
    [10/02/2001 08:17 PM | 00,016,730 | ---- | C] () - C:\WINDOWS\Plume.bmp
    [10/02/2001 08:17 PM | 00,017,062 | ---- | C] () - C:\WINDOWS\Tasse à café.bmp
    [10/02/2001 08:17 PM | 00,065,978 | ---- | C] () - C:\WINDOWS\Bulles de savon.bmp
    [10/02/2001 08:18 PM | 00,017,336 | ---- | C] () - C:\WINDOWS\Jour de pêche.bmp
    [10/02/2001 08:18 PM | 00,026,582 | ---- | C] () - C:\WINDOWS\Granit vert.bmp
    [10/02/2001 08:18 PM | 00,065,954 | ---- | C] () - C:\WINDOWS\Vent de prairie.bmp
    [10/02/2001 08:19 PM | 00,000,002 | ---- | C] () - C:\WINDOWS\desktop.ini
    [10/02/2001 08:19 PM | 00,009,522 | ---- | C] () - C:\WINDOWS\Zapotec.bmp
    [10/02/2001 08:19 PM | 00,017,362 | ---- | C] () - C:\WINDOWS\Rhododendron.bmp
    [10/02/2001 08:19 PM | 00,026,680 | ---- | C] () - C:\WINDOWS\Rivière Sumida.bmp
    [10/02/2001 08:19 PM | 00,049,102 | -HS- | C] () - C:\WINDOWS\winnt.bmp
    [10/02/2001 08:19 PM | 00,049,102 | -HS- | C] () - C:\WINDOWS\winnt256.bmp
    [10/02/2001 08:19 PM | 00,065,832 | ---- | C] () - C:\WINDOWS\Mur de Santa Fe.bmp
    [11/13/1998 12:16 PM | 00,308,224 | ---- | C] (InstallShield Software Corporation) - C:\WINDOWS\IsUn040c.exe
    [08/27/2008 06:21 PM | 00,000,006 | -H-- | C] () - C:\WINDOWS\tasks\SA.DAT
    [10/02/2001 08:18 PM | 00,000,065 | RH-- | C] () - C:\WINDOWS\tasks\desktop.ini
    [08/07/2008 10:37 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [08/07/2008 11:13 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
    [08/07/2008 11:18 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Google
    [08/08/2008 01:23 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [08/08/2008 07:26 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Skype
    [08/08/2008 12:49 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [08/08/2008 12:49 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [08/09/2008 12:27 PM | --SD | C] - C:\Documents and Settings\All Users\Application Data\Microsoft
    [08/10/2008 09:21 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
    [08/16/2008 05:36 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [08/16/2008 12:50 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [08/17/2008 02:48 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [08/17/2008 02:50 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NCH Software
    [08/23/2008 03:41 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avira
    [08/07/2008 09:36 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Identities
    [08/07/2008 11:13 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\r\Application Data\desktop.ini
    [08/07/2008 11:23 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Google
    [08/08/2008 01:03 AM | ---D | C] - C:\Documents and Settings\r\Application Data\Macromedia
    [08/08/2008 07:36 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Opera
    [08/09/2008 08:48 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Ulead Systems
    [08/09/2008 12:25 AM | ---D | C] - C:\Documents and Settings\r\Application Data\OpenOffice.org2
    [08/10/2008 03:20 PM | ---D | C] - C:\Documents and Settings\r\Application Data\LimeWire
    [08/10/2008 06:58 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Media Player Classic
    [08/11/2008 11:27 PM | ---D | C] - C:\Documents and Settings\r\Application Data\InstallShield
    [08/11/2008 12:47 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Adobe
    [08/15/2008 08:21 AM | --SD | C] - C:\Documents and Settings\r\Application Data\Microsoft
    [08/16/2008 08:37 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Webroot
    [08/16/2008 12:50 AM | ---D | C] - C:\Documents and Settings\r\Application Data\Malwarebytes
    [08/17/2008 02:47 PM | ---D | C] - C:\Documents and Settings\r\Application Data\NCH Swift Sound
    [08/22/2008 09:01 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Sun
    [08/27/2008 04:20 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Gizmo5
    [08/27/2008 06:03 PM | ---D | C] - C:\Documents and Settings\r\Application Data\Skype
    [08/07/2008 11:18 PM | ---D | C] - C:\Documents and Settings\r\Local Settings\Application Data\Google
    [08/08/2008 07:36 PM | ---D | C] - C:\Documents and Settings\r\Local Settings\Application Data\Opera
    [08/11/2008 03:40 PM | ---D | C] - C:\Documents and Settings\r\Local Settings\Application Data\Adobe
    [08/16/2008 10:49 PM | 00,044,008 | ---- | C] () - C:\Documents and Settings\r\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [08/27/2008 03:19 AM | 02,642,450 | -H-- | C] () - C:\Documents and Settings\r\Local Settings\Application Data\IconCache.db
    [08/27/2008 06:35 PM | 00,019,968 | ---- | C] () - C:\Documents and Settings\r\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [08/27/2008 12:23 PM | ---D | C] - C:\Documents and Settings\r\Local Settings\Application Data\Microsoft
    [08/07/2008 09:23 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\Mes vidéos
    [08/07/2008 09:26 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\Mes images
    [08/07/2008 09:29 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\Ma musique
    [08/07/2008 11:13 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Documents\desktop.ini
    [07/24/2008 06:23 PM | 03,509,230 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Bismillah_1.mp3
    [08/07/2008 09:36 PM | 00,000,073 | -HS- | C] () - C:\Documents and Settings\r\Mes documents\desktop.ini
    [08/07/2008 09:36 PM | R--D | C] - C:\Documents and Settings\r\Mes documents\Ma musique
    [08/08/2008 02:16 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\My Skype Content
    [08/08/2008 05:25 PM | 00,000,572 | ---- | C] () - C:\Documents and Settings\r\Mes documents\spider.sav
    [08/08/2008 12:29 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\Mes Historiques de Conversation
    [08/09/2008 08:26 PM | 00,058,678 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Copie de mdr.JPG
    [08/09/2008 08:26 PM | 00,058,678 | ---- | C] () - C:\Documents and Settings\r\Mes documents\mdr.JPG
    [08/09/2008 12:24 AM | 00,002,283 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Nouvelle base de données.odb
    [08/14/2008 01:27 PM | 00,090,468 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Résultats de la recherche pour « demande certificat de nationalite francaise » dans le forum.htm
    [08/14/2008 02:49 PM | 00,014,164 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Étudier en France - FICHES PRATIQUES - Monique Cerisier-ben Guiga, Richard Yung, Sénateurs socialistes hors de France.htm
    [08/14/2008 02:49 PM | 00,089,703 | ---- | C] () - C:\Documents and Settings\r\Mes documents\02102.htm
    [08/16/2008 01:50 AM | 00,020,480 | ---- | C] () - C:\Documents and Settings\r\Mes documents\ne sèches pas un cours.doc
    [08/16/2008 09:09 PM | 45,748,204 | ---- | C] () - C:\Documents and Settings\r\Mes documents\r.a.p.musique.wav
    [08/18/2008 12:44 PM | ---D | C] - C:\Documents and Settings\r\Mes documents\Nouveau dossier (2)
    [08/21/2008 02:55 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\02102_fichiers
    [08/21/2008 02:55 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\Étudier en France - FICHES PRATIQUES - Monique Cerisier-ben Guiga, Richard Yung, Sénateurs socialistes hors de France_fichiers
    [08/21/2008 02:55 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\Nouveau dossier
    [08/21/2008 02:55 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\Résultats de la recherche pour « demande certificat de nationalite francaise » dans le forum_fichiers
    [08/22/2008 11:48 PM | 00,347,814 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Vers un état civil moderne et respectueux de la dignité des citoyens.htm
    [08/23/2008 10:58 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\Vers un état civil moderne et respectueux de la dignité des citoyens_fichiers
    [08/24/2008 02:09 AM | 00,015,872 | -HS- | C] () - C:\Documents and Settings\r\Mes documents\Thumbs.db
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
    [08/24/2008 02:09 AM | 00,145,356 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Video call snapshot 1.png
    [08/24/2008 02:22 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\104HP307
    [08/27/2008 01:32 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\Mes fichiers reçus
    [08/27/2008 05:22 PM | R--D | C] - C:\Documents and Settings\r\Mes documents\Mes images
    [08/27/2008 06:28 PM | 00,000,567 | ---- | C] () - C:\Documents and Settings\r\Mes documents\Mes dossiers de partage.lnk
    [08/27/2008 11:50 AM | ---D | C] - C:\Documents and Settings\r\Mes documents\logitiell
    [08/10/2008 06:57 PM | 00,000,940 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Media Player Classic.lnk
    [08/10/2008 09:20 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [08/10/2008 12:14 PM | 00,001,650 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Windows Live Messenger.lnk
    [08/12/2008 02:09 PM | 00,000,630 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
    [08/16/2008 12:50 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [08/22/2008 09:20 PM | 00,000,929 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Obtenir OpenOffice.org.lnk
    [08/23/2008 03:41 PM | 00,001,851 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
    [08/23/2008 11:13 AM | 00,000,592 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Opera.lnk
    [08/08/2008 02:09 AM | 00,002,243 | ---- | C] () - C:\Documents and Settings\r\Bureau\VideoCap.lnk
    [08/08/2008 07:34 PM | 00,000,722 | ---- | C] () - C:\Documents and Settings\r\Bureau\Skype.lnk
    [08/08/2008 08:35 PM | 00,000,178 | ---- | C] () - C:\Documents and Settings\r\Bureau\jamendo-playlist.m3u
    [08/10/2008 01:00 AM | 00,000,650 | ---- | C] () - C:\Documents and Settings\r\Bureau\Photo-Brush.lnk
    [08/10/2008 12:53 AM | 00,026,687 | ---- | C] () - C:\Documents and Settings\r\Bureau\Photos-0016.JPG
    [08/12/2008 02:46 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\r\Bureau\HijackThis.lnk
    [08/16/2008 07:24 PM | 10,575,633 | ---- | C] () - C:\Documents and Settings\r\Bureau\get_video.flv
    [08/18/2008 12:41 PM | 04,149,916 | ---- | C] () - C:\Documents and Settings\r\Bureau\get_video.mp3
    [08/20/2008 05:00 PM | 00,325,440 | ---- | C] () - C:\Documents and Settings\r\Bureau\ToolBarSD.exe
    [08/20/2008 12:35 PM | ---D | C] - C:\Documents and Settings\r\Bureau\musique mohamed
    [08/21/2008 08:37 PM | 00,291,840 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\r\Bureau\OTMoveIt2.exe
    [08/22/2008 12:09 PM | 15,984,024 | ---- | C] () - C:\Documents and Settings\r\Bureau\jre-6u7-windows-i586-p-s.exe
    [08/23/2008 12:45 PM | 00,001,548 | ---- | C] () - C:\Documents and Settings\r\Bureau\CCleaner.lnk
    [08/25/2008 03:09 PM | 05,460,710 | ---- | C] () - C:\Documents and Settings\r\Bureau\yamakassi.flv
    [08/25/2008 04:03 PM | 03,778,212 | ---- | C] () - C:\Documents and Settings\r\Bureau\sompson band annonce.flv
    [08/25/2008 04:25 PM | 03,778,212 | ---- | C] () - C:\Documents and Settings\r\Bureau\kjhk.flv
    [08/25/2008 05:41 PM | 00,028,751 | ---- | C] () - C:\Documents and Settings\r\Bureau\gay-chinois.jpg
    [08/25/2008 06:03 PM | 00,053,938 | ---- | C] () - C:\Documents and Settings\r\Bureau\p117031310.jpg
    [08/26/2008 01:32 AM | 00,390,700 | ---- | C] () - C:\Documents and Settings\r\Bureau\yx7944oq.gif
    [08/26/2008 01:33 AM | 00,027,402 | ---- | C] () - C:\Documents and Settings\r\Bureau\animaux-003.jpg
    [08/26/2008 09:12 PM | 00,001,617 | ---- | C] () - C:\Documents and Settings\r\Bureau\CStrike 1.6.lnk
    [08/27/2008 04:57 PM | 00,000,664 | ---- | C] () - C:\Documents and Settings\r\Bureau\Total Video Converter.lnk
    [08/27/2008 04:57 PM | 00,000,664 | ---- | C] () - C:\Documents and Settings\r\Bureau\Total Video Player.lnk
    [08/27/2008 05:07 PM | 00,005,632 | -HS- | C] () - C:\Documents and Settings\r\Bureau\Thumbs.db
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
    [08/27/2008 06:40 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\r\Bureau\OTViewIt.exe
    [08/07/2008 09:30 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
    [08/09/2008 12:30 PM | 00,001,740 | ---- | C] () - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    [08/07/2008 09:30 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\r\Menu Démarrer\Programmes\Démarrage\desktop.ini
    [08/07/2008 09:26 PM | ---D | C] - C:\Program Files\Fichiers communs\MSSoap
    [08/07/2008 09:26 PM | ---D | C] - C:\Program Files\Fichiers communs\Services
    [08/07/2008 11:13 PM | ---D | C] - C:\Program Files\Fichiers communs\ODBC
    [08/07/2008 11:13 PM | ---D | C] - C:\Program Files\Fichiers communs\SpeechEngines
    [08/08/2008 07:26 PM | ---D | C] - C:\Program Files\Fichiers communs\Skype
    [08/09/2008 08:48 PM | ---D | C] - C:\Program Files\Fichiers communs\InstallShield
    [08/09/2008 12:28 PM | ---D | C] - C:\Program Files\Fichiers communs\System
    [08/09/2008 12:30 PM | ---D | C] - C:\Program Files\Fichiers communs\Designer
    [08/09/2008 12:30 PM | ---D | C] - C:\Program Files\Fichiers communs\Microsoft Shared
    [08/10/2008 09:20 PM | ---D | C] - C:\Program Files\Fichiers communs\Adobe
    [08/16/2008 08:37 PM | ---D | C] - C:\Program Files\Fichiers communs\Webroot Shared
    [08/22/2008 09:12 PM | ---D | C] - C:\Program Files\Fichiers communs\Java
    [08/07/2008 09:23 PM | ---D | C] - C:\Program Files\MSN
    [08/07/2008 09:23 PM | ---D | C] - C:\Program Files\MSN Gaming Zone
    [08/07/2008 09:23 PM | ---D | C] - C:\Program Files\Windows NT
    [08/07/2008 09:24 PM | ---D | C] - C:\Program Files\ComPlus Applications
    [08/07/2008 09:24 PM | ---D | C] - C:\Program Files\Online Services
    [08/07/2008 09:25 PM | ---D | C] - C:\Program Files\Movie Maker
    [08/07/2008 09:26 PM | ---D | C] - C:\Program Files\NetMeeting
    [08/07/2008 09:26 PM | ---D | C] - C:\Program Files\Outlook Express
    [08/07/2008 09:27 PM | ---D | C] - C:\Program Files\Services en ligne
    [08/07/2008 09:29 PM | ---D | C] - C:\Program Files\Windows Media Player
    [08/07/2008 09:30 PM | ---D | C] - C:\Program Files\microsoft frontpage
    [08/07/2008 09:30 PM | ---D | C] - C:\Program Files\xerox
    [08/07/2008 11:17 PM | ---D | C] - C:\Program Files\Messenger Plus! Live
    [08/08/2008 01:50 AM | ---D | C] - C:\Program Files\Google
    [08/08/2008 01:56 AM | ---D | C] - C:\Program Files\JPEG PC Camera
    [08/08/2008 07:25 PM | ---D | C] - C:\Program Files\Opera7
    [08/08/2008 07:26 PM | ---D | C] - C:\Program Files\Skype
    [08/09/2008 12:28 PM | ---D | C] - C:\Program Files\Microsoft Office
    [08/09/2008 12:41 AM | ---D | C] - C:\Program Files\OpenOffice.org 2.4
    [08/10/2008 01:00 AM | ---D | C] - C:\Program Files\PhotoBrush
    [08/10/2008 01:36 PM | ---D | C] - C:\Program Files\WinRAR
    [08/10/2008 06:57 PM | ---D | C] - C:\Program Files\K-Lite Codec Pack
    [08/10/2008 09:19 PM | ---D | C] - C:\Program Files\Adobe
    [08/10/2008 12:14 PM | ---D | C] - C:\Program Files\MSN Messenger
    [08/11/2008 01:37 AM | ---D | C] - C:\Program Files\FLVPlayer
    [08/12/2008 02:46 PM | ---D | C] - C:\Program Files\Trend Micro
    [08/14/2008 02:06 PM | ---D | C] - C:\Program Files\Navilog1
    [0
    26 Août 2008 19:57:25

    re, voici le rapport Extras bon courrage pour l'interpretation parceque moi just a le voir sa me rend :pt1cable: 



    OTViewIt Extras logfile created on: 27/08/2008 18:43:47 - Run 1
    OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\r\Bureau
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    223,30 Mb Total Physical Memory | 135,32 Mb Available Physical Memory | 60,60% Memory free
    546,43 Mb Paging File | 331,70 Mb Available in Paging File | 60,70% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37,26 Gb Total Space | 24,42 Gb Free Space | 65,53% Space Free | Partition Type: NTFS
    Drive D: | 39,06 Gb Total Space | 24,64 Gb Free Space | 63,09% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    ===== File Associations =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] - File not found -
    .cmd [@ = cmdfile] - File not found -
    .com [@ = comfile] - File not found -
    .exe [@ = exefile] - File not found -
    .html [@ = Opera.HTML] - [08/14/2008 03:52 PM | 00,098,816 | ---- | M] (Opera Software) - C:\Program Files\Opera\opera.exe
    .pif [@ = piffile] - File not found -
    .scr [@ = scrfile] - File not found -

    ===== Uninstall List =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
    "{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{9211040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
    "{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
    "{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
    "{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
    "{F8B2B90C-3B86-476C-B6A1-AD9DECC01A51}" = JPEG USB Video Camera Driver v0.90
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
    "CCleaner" = CCleaner (remove only)
    "CounterStrike 1.6 from VSI (Version 1.02)" = CounterStrike 1.6 from VSI (Version 1.02)
    "FLVPlayer" = FLV Player 1.3.3
    "HijackThis" = HijackThis 2.0.2
    "KB885884" = Correctif Windows XP - KB885884
    "KB898461" = Mise à jour pour Windows XP (KB898461)
    "KB901190" = Mise à jour de sécurité pour Windows XP (KB901190)
    "KB917344" = Mise à jour de sécurité pour Windows XP (KB917344)
    "KB942763" = Mise à jour pour Windows XP (KB942763)
    "KB942840" = Mise à jour pour Windows XP (KB942840)
    "KB944338-v2" = Mise à jour de sécurité pour Windows XP (KB944338-v2)
    "KB946648" = Mise à jour de sécurité pour Windows XP (KB946648)
    "KB950749" = Mise à jour de sécurité pour Windows XP (KB950749)
    "KB950759" = Mise à jour de sécurité pour Windows XP (KB950759)
    "KB950760" = Mise à jour de sécurité pour Windows XP (KB950760)
    "KB950762" = Mise à jour de sécurité pour Windows XP (KB950762)
    "KB950974" = Mise à jour de sécurité pour Windows XP (KB950974)
    "KB951066" = Mise à jour de sécurité pour Windows XP (KB951066)
    "KB951072-v2" = Mise à jour pour Windows XP (KB951072-v2)
    "KB951376-v2" = Mise à jour de sécurité pour Windows XP (KB951376-v2)
    "KB951698" = Mise à jour de sécurité pour Windows XP (KB951698)
    "KB951748" = Mise à jour de sécurité pour Windows XP (KB951748)
    "KB952287" = Correctif pour Windows XP (KB952287)
    "KB952954" = Mise à jour de sécurité pour Windows XP (KB952954)
    "KB953838" = Mise à jour de sécurité pour Windows XP (KB953838)
    "KB953839" = Mise à jour de sécurité pour Windows XP (KB953839)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 2.84 Standard
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Navilog1_is1" = Navilog1 3.6.3
    "Photo-Brush_is1" = Photo-Brush 2.1
    "Q828026" = Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
    "Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
    "WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
    "WinRAR archiver" = Archiveur WinRAR

    ===== Uninstall List =====


    ===== Winsock2 Catalogs =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
    Protocol_Catalog9\Catalog_Entries\000000000001 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000002 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000003 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000004 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000005 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000006 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000007 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000008 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000009 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000010 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000011 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000012 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000013 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000014 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000015 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000016 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000017 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000018 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000019 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000020 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000021 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000022 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol_Catalog9\Catalog_Entries\000000000023 - [08/23/2008 12:13 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) C:\WINDOWS\system32\DRWEBSP.DLL

    ===== Protocol Defaults =====


    ===== Protocol Defaults =====


    ===== Protocol Handlers =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
    ipp: [HKLM - No CLSID value]
    msdaipp: [HKLM - No CLSID value]

    ===== Protocol Filters =====

    < End of report >
    27 Août 2008 12:32:14

    Re,

    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...
  • Clique sur Accept
  • Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
  • clique une nouvelle fois sur "Accept"
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

    ;) 
    29 Août 2008 02:38:58

    re;

    voici le nouvo rapport

    Friday, August 29, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, August 28, 2008 11:55:15
    Records in database: 1155534

    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 48194
    Threat name 1
    Infected objects 1
    Suspicious objects 0
    Duration of the scan 02:01:47

    File name Threat name Threats count
    D:\mes image\abdel\logiciel\محطم العمالقة\TBS\Utilities\007 Spy Software 3.33\TBS.exe Infected: not-a-virus:Monitor.Win32.007SpySoft.342 1

    The selected area was scanned.
    29 Août 2008 11:07:42

    :hello:  Bonjour,

    Citation :
    D:\mes image\abdel\logiciel\محطم العمالقة\TBS\Utilities\007 Spy Software 3.33\TBS.exe


    Supprime ce fichier et dis-moi comment va le PC.

    Toujours des problèmes ?

    ;) 
    7 Septembre 2008 02:13:51

    :hello:  salut!!!
    je suis désolé pour cette absence mais j'avais des probléme de connexion.
    pour le PC il est bien pour le moment mais j'ai toujours des restes du DR WEB l'antivirus que j'avais avant j'ai essayé de le supprimé en passant par document and setting mais il me reste un fichier que j'arrive pas a supprimé.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS