Se connecter / S'enregistrer
Votre question

[RESOLU] virus impossible a supprimé

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
29 Décembre 2007 17:14:57

bonjour, depuis qque jour d que je fai une recherche sur google je sui redirier vers daily-search g essayer plusieurs antivirus ki narrrivent pa a le supprimer je ne my connai paa du tou en informatique dc g un peu peur de faire une betise pouvez vous m'aider svp

voici le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:47, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
C:\Program Files\M6 Video\M6video.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Player Video TF1\tf1.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\INTERNAT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~7\SDHelper.dll (file missing)
O2 - BHO: (no name) - {550168EC-AE71-42B6-B3B6-1926867CC41B} - c:\windows\system32\atlb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B507C17B-79D2-4B75-B152-10D03502514F} - C:\WINDOWS\system32\drmstore.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [prfnove] C:\WINDOWS\System32\wlwhufb.exe r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [tf1] C:\Program Files\Player Video TF1\tf1.exe
O4 - HKLM\..\Run: [Totocam] C:\PROGRA~1\ALLOCA~1\allocam.exe 1
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "c:\documents and settings\anthony pires\application data\install_fr[1].exe"
O4 - HKLM\..\Run: [oouserv6.exe] C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [TOM] C:\Program Files\Club-Internet\TOM\TOM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Odebit Multimedia V2] C:\Program Files\Odebit Multimédia\V2\Odebit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Choisir comme avatar pour Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578....
O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWeb...
O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binaries/IA/netcmp32_FR_XP...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} - http://www.dinerotica.com/download/1,2,1,0/cabdll.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP_...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} (IntPagomaster Class) - http://www.webcamenvivo.com/xxx/pagomast.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.ca...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.le-dial.com/access/WebInstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodialer3000.com/perfiles2/infosistemas300...
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP...
O20 - Winlogon Notify: smhtkpgj - C:\WINDOWS\SYSTEM32\atlb.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 17863 bytes

et le rapport BTFix
BTFix 1.066 (par bibi26) - 29/12/2007 16:35:42 - Analyse
Lancé depuis C:\Documents and Settings\ANTHONY PIRES\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\WINDOWS\smdat32m.sys
- C:\WINDOWS\smdat32a.sys
- C:\Program Files\ISTbar
- C:\Program Files\MyWay

---> Analyse terminée

merci d'avance

Autres pages sur : resolu virus impossible supprima

29 Décembre 2007 23:39:47

bonsoir
tu es bien infecté...

1
~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)

  • Ouvre BTFix.
  • Clique sur Nettoyer.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.


    2

    Télécharge Navilog1.exe (IL-MAFIOSO)
    Enregistre-le sur ton Bureau.
    Lance l'installation en double cliquant sur navilog.exe.
    Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
    (Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

    Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
    [#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
    Patiente jusqu'à l'apparition de ce message :
    "*** Analyse Termine le ..... ***"
    Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

    -> Edition / Sélectionner tout
    -> Edition / Copier
    -> Clique-Droit / Coller dans ta réponse


    NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

    5 Janvier 2008 18:05:43

    voila ce ke donne les scan btfix et navilog
    BTFix 1.066 (par bibi26) - 31/12/2007 02:54:34 - Nettoyage - Mode sans échec
    Lancé depuis C:\Documents and Settings\ANTHONY PIRES\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés

    - Fichiers temporaires effacés
    - C:\WINDOWS\smdat32m.sys
    - C:\WINDOWS\smdat32a.sys
    - C:\Program Files\ISTbar
    - C:\Program Files\MyWay

    ---> Nettoyage terminé


    Search Navipromo version 3.3.8 commencé le 05/01/2008 à 17:29:25,14

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Executé en mode sans échec

    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINDOWS ***

    C:\WINDOWS\mslagent trouvé !
    C:\WINDOWS\msskinner trouvé !


    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




    *** Recherche dossiers dans "C:\Documents and Settings\ANTHONY PIRES\application data" ***


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Fichier(s) caché(s) :

    C:\WINDOWS\system32\dxedcoxym.dat
    C:\WINDOWS\system32\dxedcoxym.exe
    C:\WINDOWS\system32\dxedcoxym_nav.dat
    C:\WINDOWS\system32\dxedcoxym_navps.dat



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    Fichiers trouvés :

    dxedcoxym.exe trouvé !
    dxedcoxym.dat trouvé !
    dxedcoxym_nav.dat trouvé !
    dxedcoxym_navps.dat trouvé !

    * Recherche dans "C:\Documents and Settings\ANTHONY PIRES\local settings\application data" *



    *** Recherche fichiers ***


    C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf trouvé !
    C:\WINDOWS\Downloaded Program Files\EGDACCESS_ASPIV4.inf trouvé !
    C:\WINDOWS\Downloaded Program Files\EGCOMSERVICE_pack.inf trouvé !
    C:\WINDOWS\Downloaded Program Files\netcmp32.inf trouvé !
    C:\WINDOWS\Downloaded Program Files\Netslv32.inf trouvé !
    C:\WINDOWS\Downloaded Program Files\nethv32.inf trouvé !
    C:\WINDOWS\pack.epk trouvé !
    C:\WINDOWS\system32\msegcompid.dll trouvé !
    C:\WINDOWS\system32\msclock32.dll trouvé !
    C:\WINDOWS\system32\msclock32.dll trouvé !
    C:\WINDOWS\system32\msplock32.dll trouvé !
    C:\WINDOWS\system32\msplock32.dll trouvé !
    C:\WINDOWS\system32\mseggrpid.dll trouvé !


    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !
    HKEY_CURRENT_USER\Software\mc trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :

    dxedcoxym.dat trouvé !
    dxedcoxym_nav.dat trouvé !

    * Dans "C:\Documents and Settings\ANTHONY PIRES\local settings\application data" :


    3)Recherche Certificats :

    Certificat Egroup trouvé !

    4)Recherche fichiers connus :



    *** Analyse terminée le 05/01/2008 à 17:55:30,84 ***

    que dois je faire maintenant?
    Contenus similaires
    5 Janvier 2008 23:42:41

    re

    Double clique sur le raccourci de Navilog1 présent sur ton Bureau.
    Suis les instructions. Choisis ensuite l'option 2 puis valide.
    Laisse toi guider et réponds aux questions éventuelles.

    L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
    [#ff0000]**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**[/#f]
    Appuie maintenant sur une touche, comme demandé.
    (si ton PC ne redémarre pas automatiquement, fais-le [/b]manuellement[/b])

    Patiente jusqu'à l'apparition de ce message :
    "*** Nettoyage Termine le ..... ***"

    Le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver.
    Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.

    Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
    Ainsi qu'un nouveau rapport Hijackthis.


    6 Janvier 2008 02:10:31

    re
    voila j'ai faice ke tu ma demandéé et je poste dc les rapports

    Clean Navipromo version 3.3.8 commencé le 06/01/2008 à 0:51:42,39

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Mode suppression automatique


    *** Creation backups fichiers trouvés par Catchme ***

    Copie vers "C:\Program Files\navilog1\Backupnavi"

    Copie C:\WINDOWS\system32\dxedcoxym.dat réalisée avec succès !
    Copie C:\WINDOWS\system32\dxedcoxym.exe réalisée avec succès !
    Copie C:\WINDOWS\system32\dxedcoxym_nav.dat réalisée avec succès !
    Copie C:\WINDOWS\system32\dxedcoxym_navps.dat réalisée avec succès !

    *** Suppression des fichiers trouvés avec Catchme ***

    C:\WINDOWS\system32\dxedcoxym.dat supprimé !
    C:\WINDOWS\system32\dxedcoxym.exe supprimé !
    C:\WINDOWS\system32\dxedcoxym_nav.dat supprimé !
    C:\WINDOWS\system32\dxedcoxym_navps.dat supprimé !

    ** 2ème passage avec résultats Catchme **

    * Dans C:\WINDOWS\system32 *


    C:\WINDOWS\prefetch\dxedcoxym*.pf trouvé !
    Copie C:\WINDOWS\prefetch\dxedcoxym*.pf réalisée avec succès !
    C:\WINDOWS\prefetch\dxedcoxym*.pf supprimé !

    * Dans "C:\Documents and Settings\ANTHONY PIRES\local settings\application data" *


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans C:\WINDOWS\System32 *


    * Suppression dans "C:\Documents and Settings\ANTHONY PIRES\local settings\application data" *



    *** Suppression dossiers dans C:\WINDOWS ***

    C:\WINDOWS\mslagent ...suppression...
    C:\WINDOWS\mslagent supprimé !

    C:\WINDOWS\msskinner ...suppression...
    C:\WINDOWS\msskinner supprimé !


    *** Suppression dossiers dans C:\Program Files ***


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


    *** Suppression dossiers dans "C:\Documents and Settings\ANTHONY PIRES\application data" ***


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



    *** Suppression fichiers ***

    C:\WINDOWS\Downloaded Program Files\EGCOMSERVICE_pack.inf supprimé !
    C:\WINDOWS\Downloaded Program Files\netcmp32.inf supprimé !
    C:\WINDOWS\pack.epk supprimé !
    C:\WINDOWS\system32\msegcompid.dll supprimé !
    C:\WINDOWS\system32\msclock32.dll supprimé !
    C:\WINDOWS\system32\msplock32.dll supprimé !
    C:\WINDOWS\system32\mseggrpid.dll supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\ANTHONY PIRES\local settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans C:\WINDOWS\system32 *


    * Dans "C:\Documents and Settings\ANTHONY PIRES\local settings\application data" *


    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !

    *** Nettoyage terminé le 06/01/2008 à 1:54:30,98 ***

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:03:55, on 06/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Player Video TF1\tf1.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\OFFICE ONE6.5\program\soffice.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\INTERNAT.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {550168EC-AE71-42B6-B3B6-1926867CC41B} - c:\windows\system32\atlb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {B507C17B-79D2-4B75-B152-10D03502514F} - C:\WINDOWS\system32\drmstore.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [tf1] C:\Program Files\Player Video TF1\tf1.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
    O4 - HKLM\..\Run: [oouserv6.exe] C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O8 - Extra context menu item: Choisir comme avatar pour Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578....
    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWeb...
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab
    O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binaries/IA/netcmp32_FR_XP...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} - http://www.dinerotica.com/download/1,2,1,0/cabdll.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodialer3000.com/perfiles2/infosistemas300...
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O20 - Winlogon Notify: smhtkpgj - C:\WINDOWS\SYSTEM32\atlb.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 13426 byte

    merci pour ton aide
    6 Janvier 2008 18:42:07

    bonsoir

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, réponds en appuyant sur la touche1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé. Poste le rapport.

    ajoute un nouveau rapport Hijackthis.


    6 Janvier 2008 23:29:35

    bonsoir voici le rapport combo ainsi que le rapport hijackthis
    ComboFix 08-01-04.1 - ANTHONY PIRES 2008-01-06 20:04:34.1 - NTFSx86
    Running from: C:\Documents and Settings\ANTHONY PIRES\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\drivers\YJWW61.sys
    C:\WINDOWS\system32\atlb.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_YJWW61


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-06 20:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 00:21 . 2008-01-06 00:21 10,551,790 --a------ C:\upload_moi_PCTEK.tar.gz
    2008-01-05 22:26 . 2008-01-05 22:26 <REP> d-------- C:\Program Files\Neuf
    2008-01-05 16:15 . 2003-11-03 14:19 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\WINDOWS
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\Voisinage r‚seau
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\Voisinage d'impression
    2008-01-05 16:15 . 2003-11-03 09:49 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\ModŠles
    2008-01-05 16:15 . 2003-11-05 10:25 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Mes documents
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Menu D‚marrer
    2008-01-05 16:15 . 2003-11-03 09:59 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Favoris
    2008-01-05 16:15 . 2003-11-14 15:14 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\Bureau
    2008-01-05 16:15 . 2003-11-05 10:08 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\Application Data\OFFICE One v6
    2008-01-05 15:50 . 2008-01-06 01:55 <REP> d-------- C:\Program Files\Navilog1
    2008-01-03 23:56 . 2008-01-03 23:56 <REP> d-------- C:\VundoFix Backups
    2007-12-31 02:41 . 2007-12-31 02:41 <REP> d-------- C:\Program Files\CCleaner
    2007-12-29 16:03 . 2007-12-29 16:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-28 18:05 . 2003-11-03 14:19 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-12-28 18:05 . 2003-11-03 09:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-12-28 18:05 . 2003-11-05 10:25 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-12-28 18:05 . 2003-11-03 09:59 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-12-28 18:05 . 2003-11-14 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-12-28 15:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-28 15:22 . 2007-12-28 15:22 120,576 --a------ C:\WINDOWS\system32\dcukngjs.dat
    2007-12-27 15:18 . 2007-12-27 15:18 29 --a------ C:\WINDOWS\system32\woiwsefs.tmp
    2007-12-26 16:40 . 2007-12-26 16:40 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2007-12-25 03:24 . 2007-12-25 03:25 <REP> d-------- C:\Program Files\VirusGarde
    2007-12-25 02:47 . 2007-12-25 02:47 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-12-25 02:47 . 2007-12-25 02:47 741,632 --a------ C:\WINDOWS\system32\yqotvcxx.dat
    2007-12-25 02:47 . 2007-12-25 02:47 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-12-25 02:47 . 2007-12-25 02:47 42,240 --a------ C:\WINDOWS\system32\yexywkjd.dat
    2007-12-25 02:47 . 2007-12-25 02:47 36,096 --a------ C:\WINDOWS\system32\qsrfqmlk.dat
    2007-12-25 02:47 . 2007-12-25 02:47 35,072 --a------ C:\WINDOWS\system32\zwsfsunj.dat
    2007-12-24 00:37 . 2007-12-28 06:36 <REP> d-------- C:\WINDOWS\system32\AppCert
    2007-12-24 00:37 . 2004-08-20 00:09 85,504 --a------ C:\WINDOWS\system32\atlb.dll
    2007-12-24 00:36 . 19,584 C:\WINDOWS\system32\drivers\vrburhmq.dat
    2007-12-24 00:35 . 2004-08-11 01:36 84,992 --a------ C:\WINDOWS\system32\drmstore.dll
    2007-12-17 00:25 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2007-12-17 00:24 . 2007-12-17 00:24 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-12-17 00:24 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-12-17 00:24 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-12-17 00:24 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-12-17 00:24 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-12-17 00:24 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-12-17 00:24 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-12-17 00:24 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-12-17 00:23 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2007-12-17 00:23 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 01:11 --------- d-----w C:\Program Files\AVPersonal
    2007-12-31 01:47 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-12-29 15:29 --------- d-----w C:\Program Files\Trend Micro
    2007-12-27 19:16 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-12-23 23:18 --------- d-----w C:\Program Files\eMule
    2007-12-19 22:17 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-19 22:16 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-16 23:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-16 23:22 --------- d-----w C:\Program Files\Samsung
    2007-12-01 02:05 --------- d-----w C:\Program Files\Windows Live
    2007-11-27 21:18 --------- d-----w C:\Program Files\BitComet
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 17:49 --------- d-----w C:\Documents and Settings\MELANIE PIRES\Application Data\Windows Desktop Search
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2005-03-24 14:24 976,020 -c--a-w C:\Program Files\BDAXP.cab
    2005-03-24 14:24 911,188 -c--a-w C:\Program Files\Apr2005_MDX_x86.cab
    2005-03-24 14:24 72,400 -c--a-w C:\Program Files\DSETUP.dll
    2005-03-24 14:24 703,080 -c--a-w C:\Program Files\BDA.cab
    2005-03-24 14:24 66,520 -c--a-w C:\Program Files\dxupdate.cab
    2005-03-24 14:24 480,976 ----a-w C:\Program Files\DXSETUP.exe
    2005-03-24 14:24 2,245,328 -c--a-w C:\Program Files\dsetup32.dll
    2005-03-24 14:24 15,493,481 -c--a-w C:\Program Files\DirectX.cab
    2005-03-24 14:24 13,265,040 -c--a-w C:\Program Files\dxnt.cab
    2005-03-24 14:24 1,348,242 -c--a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
    2005-03-24 14:24 1,156,363 -c--a-w C:\Program Files\BDANT.cab
    2005-03-24 14:24 1,079,850 -c--a-w C:\Program Files\Apr2005_d3dx9_25_x86.cab
    2004-05-09 19:36 15,900,672 ----a-w C:\Documents and Settings\ANTHONY PIRES\Photoshop.exe
    2002-04-23 18:09 5,181,440 ----a-w C:\Documents and Settings\ANTHONY PIRES\ExtRsrc.dll
    2002-04-16 12:04 4,059,242 ------w C:\Documents and Settings\ANTHONY PIRES\ImageReadyRes.dll
    2002-04-15 17:54 13,336,651 ------w C:\Documents and Settings\ANTHONY PIRES\ImageReady.exe
    2002-04-15 17:32 331,776 ------w C:\Documents and Settings\ANTHONY PIRES\JS32.dll
    2002-04-06 15:37 897,024 ------w C:\Documents and Settings\ANTHONY PIRES\Photoshop.dll
    2002-04-06 15:37 2,445,312 ------w C:\Documents and Settings\ANTHONY PIRES\PSViews.dll
    2002-04-05 14:18 462,848 ------w C:\Documents and Settings\ANTHONY PIRES\ACE.dll
    2002-04-01 01:29 53,248 ------w C:\Documents and Settings\ANTHONY PIRES\Plugin.dll
    2002-03-26 16:42 1,458,176 ------w C:\Documents and Settings\ANTHONY PIRES\CoolType.dll
    2002-03-13 03:24 94,208 ------w C:\Documents and Settings\ANTHONY PIRES\OPP.dll
    2002-03-13 03:24 929,792 ------w C:\Documents and Settings\ANTHONY PIRES\AGM.dll
    2002-03-13 03:24 3,485,696 ------w C:\Documents and Settings\ANTHONY PIRES\MPS.dll
    2002-03-13 03:24 2,920,448 ------w C:\Documents and Settings\ANTHONY PIRES\PDFL50.dll
    2002-03-05 14:10 4,265 ------w C:\Documents and Settings\ANTHONY PIRES\Photoshop.reg
    2002-02-27 03:24 167,936 ------w C:\Documents and Settings\ANTHONY PIRES\Bib.dll
    2001-12-06 14:24 61,440 ------w C:\Documents and Settings\ANTHONY PIRES\Uninst.dll
    2001-06-29 16:38 712,751 ----a-w C:\Documents and Settings\ANTHONY PIRES\Asn.er.dll
    2001-02-16 11:40 19,456 ------w C:\Documents and Settings\ANTHONY PIRES\PSUT9516.DLL
    2000-10-10 13:49 23,024 ------w C:\Documents and Settings\ANTHONY PIRES\Shfolder.dll
    2000-10-10 13:49 20,480 ------w C:\Documents and Settings\ANTHONY PIRES\Psut9532.dll
    1993-07-22 23:00 210,944 ------w C:\Documents and Settings\ANTHONY PIRES\Msvcrt10.dll
    2005-05-29 13:15 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{550168EC-AE71-42B6-B3B6-1926867CC41B}]
    2004-08-20 00:09 85504 --a------ c:\windows\system32\atlb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B507C17B-79D2-4B75-B152-10D03502514F}]
    2004-08-11 01:36 84992 --a------ C:\WINDOWS\system32\drmstore.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 17:12 386752]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-28 19:32 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 11:59 24576]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-01 14:56 180269]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-20 00:09 144384]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-15 14:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:12 135168]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 00:10 380928 C:\WINDOWS\system32\irprops.cpl]
    "AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.exe" [2005-10-14 12:32 180327]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 10:43 88363 C:\WINDOWS\AGRSMMSG.exe]
    "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160]
    "Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe" [2003-03-26 22:15 315458]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
    "tf1"="C:\Program Files\Player Video TF1\tf1.exe" [2006-08-11 11:00 1015296]
    "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 09:28 72192]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 14:53 98304]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12 53248]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
    "PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe" [2003-03-26 22:12 454656]
    "pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe" [2003-03-26 22:19 274432]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-20 00:09 400896]
    "oouserv6.exe"="C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe" [2003-06-30 06:00 256000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\smhtkpgj]
    atlb.dll 2004-08-20 00:09 85504 C:\WINDOWS\system32\atlb.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

    R0 rhqtrpaa;rhqtrpaa;C:\WINDOWS\system32\drivers\vrburhmq.dat []
    R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-10-13 16:32]
    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S2 muvpozfe;SAMSUNG Mobile USB Modem II 1.0 sMonitor;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    muvpozfe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-01 21:00:00 C:\WINDOWS\Tasks\{F47B0D2A-716E-40AE-B7BD-592D858EFBE5}_PCTEK_ANTHONY PIRES.job"
    - C:\WINDOWS\system32\mobsync.exeH /Schedule=
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 21:32:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-06 21:50:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-06 20:49:59
    .
    2007-12-14 02:18:49 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:25:27, on 06/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Player Video TF1\tf1.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\OFFICE ONE6.5\program\soffice.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\INTERNAT.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {550168EC-AE71-42B6-B3B6-1926867CC41B} - c:\windows\system32\atlb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {B507C17B-79D2-4B75-B152-10D03502514F} - C:\WINDOWS\system32\drmstore.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [tf1] C:\Program Files\Player Video TF1\tf1.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"
    O4 - HKLM\..\Run: [oouserv6.exe] C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O8 - Extra context menu item: Choisir comme avatar pour Messenger - C:\Program Files\MSN Pictures Displayer\AddIEPicture.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578....
    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWeb...
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab
    O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binaries/IA/netcmp32_FR_XP...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} - http://www.dinerotica.com/download/1,2,1,0/cabdll.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01b7a9f9d8069c4b8b05/netzip...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodialer3000.com/perfiles2/infosistemas300...
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O20 - Winlogon Notify: smhtkpgj - C:\WINDOWS\SYSTEM32\atlb.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 12786 bytes



    6 Janvier 2008 23:35:08

    par contre je n'arrive plus a me connecter de mon pc il me dit aucune interface reseau utilisable je pense que c'est due a ces manip de meme je n'arrive plus a activer mon pare feu windows que faire maintenant?
    7 Janvier 2008 12:27:25

    bonjour
    je préparais le script
    vu que ton infection est lourde, j'en avais pour une bonne demi heure (que je prends sur mon heure de repas !)
    quand je suis tombé sur ça:
    http://www.commentcamarche.net/forum/affich-4453603-vir...

    tu n'as pas l'impression de prendre les gens pour des imbéciles? On est tous des bénévoles!

    demande à DeNisCoOl de venir regarder à quoi ressemble le rapport ComboFix.

    Tu peux terminer avec lui sur CCM !
    7 Janvier 2008 13:29:41

    bjr sham rock
    je suis desolé mais je ne voulais pas te prendre pour un imbecile loin de moi cet idée
    c'est juste qu eje suis trés nul en informatique et que j'ai vraiment de besoin de mon PC pour travailler j'ai donc tout essayé pour y arriver au plus vite je ne pensait pas te vexer
    encore desolé si je t'ai fait perdre ton temps merci quand meme pour ton aide
    a b 8 Sécurité
    7 Janvier 2008 17:43:41

    Sham a vraiment raison, on perd du temps.
    Mais bon, si tu ne le refais plus, c'est bon.
    7 Janvier 2008 20:15:21

    elgringo59
    j'ai prévenu sur CCM
    je terminerai la désinfection ici
    je rédigerai le script ce soir/cette nuit
    7 Janvier 2008 22:37:56

    re

    ~Lance Hijackthis “Do a system scan only”.
    Coche les lignes qui suivent si encore présentes et uniquement celles-là.

    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezweb [...] nProj1.cab
    O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} - http://akamai.downloadv3.com/binar [...] _FR_XP.cab
    O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} - http://www.dinerotica.com/download/1,2,1,0/cabdll.cab
    O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
    O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodialer3000.com/perf [...] as3000.cab


    Clique sur Fix checked (en bas à gauche)


    Copie (Ctrl+C) le texte ci-dessous :
    Driver::
    rhqtrpaa

    File::
    C:\WINDOWS\system32\dcukngjs.dat
    C:\WINDOWS\system32\woiwsefs.tmp
    C:\WINDOWS\system32\libeay32.dll
    C:\WINDOWS\system32\yqotvcxx.dat
    C:\WINDOWS\system32\libssl32.dll
    C:\WINDOWS\system32\yexywkjd.dat
    C:\WINDOWS\system32\qsrfqmlk.dat
    C:\WINDOWS\system32\zwsfsunj.dat
    C:\WINDOWS\system32\atlb.dll
    C:\WINDOWS\system32\drivers\vrburhmq.dat
    C:\WINDOWS\system32\drmstore.dll

    Folder::
    C:\upload_moi_PCTEK.tar.gz
    C:\Program Files\Navilog1
    C:\VundoFix Backups
    C:\Program Files\VirusGarde
    C:\WINDOWS\system32\AppCert

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{550168EC-AE71-42B6-B3B6-1926867CC41B}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B507C17B-79D2-4B75-B152-10D03502514F}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\smhtkpgj]



    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    8 Janvier 2008 21:15:23

    re,

    voila j'ai fais tous ce ke tu ma demandé et voici le rapport combo fix

    ComboFix 08-01-04.1 - ANTHONY PIRES 2008-01-08 14:25:48.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.60 [GMT 1:00]
    Running from: C:\Documents and Settings\ANTHONY PIRES\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ANTHONY PIRES\Bureau\CFScript.txt

    FILE
    C:\WINDOWS\system32\atlb.dll
    C:\WINDOWS\system32\dcukngjs.dat
    C:\WINDOWS\system32\drivers\vrburhmq.dat
    C:\WINDOWS\system32\drmstore.dll
    C:\WINDOWS\system32\libeay32.dll
    C:\WINDOWS\system32\libssl32.dll
    C:\WINDOWS\system32\qsrfqmlk.dat
    C:\WINDOWS\system32\woiwsefs.tmp
    C:\WINDOWS\system32\yexywkjd.dat
    C:\WINDOWS\system32\yqotvcxx.dat
    C:\WINDOWS\system32\zwsfsunj.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Navilog1
    C:\Program Files\Navilog1\Backupnavi\backup_registry.dat
    C:\Program Files\Navilog1\Backupnavi\dxedcoxym.dat
    C:\Program Files\Navilog1\Backupnavi\DXEDCOXYM.EXE-32638C69.pf
    C:\Program Files\Navilog1\Backupnavi\dxedcoxym.exe
    C:\Program Files\Navilog1\Backupnavi\dxedcoxym_nav.dat
    C:\Program Files\Navilog1\Backupnavi\dxedcoxym_navps.dat
    C:\Program Files\Navilog1\catchme.exe
    C:\Program Files\Navilog1\GetPaths.exe
    C:\Program Files\Navilog1\gnc.exe
    C:\Program Files\Navilog1\navilog1.bat
    C:\Program Files\Navilog1\oem2ansi.exe
    C:\Program Files\Navilog1\Process.exe
    C:\Program Files\Navilog1\reboot.exe
    C:\Program Files\Navilog1\reg.exe
    C:\Program Files\Navilog1\regnavi.reg
    C:\Program Files\Navilog1\traite.bat
    C:\Program Files\Navilog1\traite2.bat
    C:\Program Files\Navilog1\unins000.dat
    C:\Program Files\Navilog1\unins000.exe
    C:\Program Files\VirusGarde
    C:\upload_moi_PCTEK.tar.gz\
    C:\VundoFix Backups
    C:\WINDOWS\system32\AppCert
    C:\WINDOWS\system32\AppCert\wsil32.dll
    C:\WINDOWS\system32\atlb.dll
    C:\WINDOWS\system32\dcukngjs.dat
    C:\WINDOWS\system32\drivers\vrburhmq.dat
    C:\WINDOWS\system32\drmstore.dll
    C:\WINDOWS\system32\libeay32.dll
    C:\WINDOWS\system32\libssl32.dll
    C:\WINDOWS\system32\qsrfqmlk.dat
    C:\WINDOWS\system32\woiwsefs.tmp
    C:\WINDOWS\system32\yexywkjd.dat
    C:\WINDOWS\system32\yqotvcxx.dat
    C:\WINDOWS\system32\zwsfsunj.dat

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-07 13:44 . 2008-01-07 13:44 <REP> d-------- C:\Program Files\SpywareBlaster
    2008-01-07 13:44 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
    2008-01-07 13:44 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-01-06 20:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 00:21 . 2008-01-06 00:21 10,551,790 --a------ C:\upload_moi_PCTEK.tar.gz
    2008-01-05 22:26 . 2008-01-05 22:26 <REP> d-------- C:\Program Files\Neuf
    2008-01-05 16:15 . 2003-11-03 14:19 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\WINDOWS
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\Voisinage r‚seau
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\Voisinage d'impression
    2008-01-05 16:15 . 2003-11-03 09:49 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\ModŠles
    2008-01-05 16:15 . 2003-11-05 10:25 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Mes documents
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Menu D‚marrer
    2008-01-05 16:15 . 2003-11-03 09:59 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Favoris
    2008-01-05 16:15 . 2003-11-14 15:14 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\Bureau
    2008-01-05 16:15 . 2003-11-05 10:08 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\Application Data\OFFICE One v6
    2007-12-31 02:41 . 2007-12-31 02:41 <REP> d-------- C:\Program Files\CCleaner
    2007-12-29 16:03 . 2007-12-29 16:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-28 18:05 . 2003-11-03 14:19 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-12-28 18:05 . 2003-11-03 09:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-12-28 18:05 . 2003-11-05 10:25 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-12-28 18:05 . 2003-11-03 09:59 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-12-28 18:05 . 2003-11-14 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-12-28 15:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-26 16:40 . 2007-12-26 16:40 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2007-12-17 00:25 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2007-12-17 00:24 . 2007-12-17 00:24 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-12-17 00:24 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-12-17 00:24 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-12-17 00:24 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-12-17 00:24 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-12-17 00:24 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-12-17 00:24 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-12-17 00:24 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-12-17 00:23 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2007-12-17 00:23 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 01:11 --------- d-----w C:\Program Files\AVPersonal
    2007-12-31 01:47 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-12-29 15:29 --------- d-----w C:\Program Files\Trend Micro
    2007-12-27 19:16 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-12-23 23:18 --------- d-----w C:\Program Files\eMule
    2007-12-19 22:17 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-19 22:16 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-16 23:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-16 23:22 --------- d-----w C:\Program Files\Samsung
    2007-12-01 02:05 --------- d-----w C:\Program Files\Windows Live
    2007-11-27 21:18 --------- d-----w C:\Program Files\BitComet
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2005-03-24 14:24 976,020 -c--a-w C:\Program Files\BDAXP.cab
    2005-03-24 14:24 911,188 -c--a-w C:\Program Files\Apr2005_MDX_x86.cab
    2005-03-24 14:24 72,400 -c--a-w C:\Program Files\DSETUP.dll
    2005-03-24 14:24 703,080 -c--a-w C:\Program Files\BDA.cab
    2005-03-24 14:24 66,520 -c--a-w C:\Program Files\dxupdate.cab
    2005-03-24 14:24 480,976 ----a-w C:\Program Files\DXSETUP.exe
    2005-03-24 14:24 2,245,328 -c--a-w C:\Program Files\dsetup32.dll
    2005-03-24 14:24 15,493,481 -c--a-w C:\Program Files\DirectX.cab
    2005-03-24 14:24 13,265,040 -c--a-w C:\Program Files\dxnt.cab
    2005-03-24 14:24 1,348,242 -c--a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
    2005-03-24 14:24 1,156,363 -c--a-w C:\Program Files\BDANT.cab
    2005-03-24 14:24 1,079,850 -c--a-w C:\Program Files\Apr2005_d3dx9_25_x86.cab
    2004-05-09 19:36 15,900,672 ----a-w C:\Documents and Settings\ANTHONY PIRES\Photoshop.exe
    2002-04-23 18:09 5,181,440 ----a-w C:\Documents and Settings\ANTHONY PIRES\ExtRsrc.dll
    2002-04-16 12:04 4,059,242 ------w C:\Documents and Settings\ANTHONY PIRES\ImageReadyRes.dll
    2002-04-15 17:54 13,336,651 ------w C:\Documents and Settings\ANTHONY PIRES\ImageReady.exe
    2002-04-15 17:32 331,776 ------w C:\Documents and Settings\ANTHONY PIRES\JS32.dll
    2002-04-06 15:37 897,024 ------w C:\Documents and Settings\ANTHONY PIRES\Photoshop.dll
    2002-04-06 15:37 2,445,312 ------w C:\Documents and Settings\ANTHONY PIRES\PSViews.dll
    2002-04-05 14:18 462,848 ------w C:\Documents and Settings\ANTHONY PIRES\ACE.dll
    2002-04-01 01:29 53,248 ------w C:\Documents and Settings\ANTHONY PIRES\Plugin.dll
    2002-03-26 16:42 1,458,176 ------w C:\Documents and Settings\ANTHONY PIRES\CoolType.dll
    2002-03-13 03:24 94,208 ------w C:\Documents and Settings\ANTHONY PIRES\OPP.dll
    2002-03-13 03:24 929,792 ------w C:\Documents and Settings\ANTHONY PIRES\AGM.dll
    2002-03-13 03:24 3,485,696 ------w C:\Documents and Settings\ANTHONY PIRES\MPS.dll
    2002-03-13 03:24 2,920,448 ------w C:\Documents and Settings\ANTHONY PIRES\PDFL50.dll
    2002-03-05 14:10 4,265 ------w C:\Documents and Settings\ANTHONY PIRES\Photoshop.reg
    2002-02-27 03:24 167,936 ------w C:\Documents and Settings\ANTHONY PIRES\Bib.dll
    2001-12-06 14:24 61,440 ------w C:\Documents and Settings\ANTHONY PIRES\Uninst.dll
    2001-06-29 16:38 712,751 ----a-w C:\Documents and Settings\ANTHONY PIRES\Asn.er.dll
    2001-02-16 11:40 19,456 ------w C:\Documents and Settings\ANTHONY PIRES\PSUT9516.DLL
    2000-10-10 13:49 23,024 ------w C:\Documents and Settings\ANTHONY PIRES\Shfolder.dll
    2000-10-10 13:49 20,480 ------w C:\Documents and Settings\ANTHONY PIRES\Psut9532.dll
    1993-07-22 23:00 210,944 ------w C:\Documents and Settings\ANTHONY PIRES\Msvcrt10.dll
    2005-05-29 13:15 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-06_21.47.30.78 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-02 00:37:14 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-06 23:25:29 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-02 00:37:14 71,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-06 23:25:29 71,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-02 00:37:14 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-06 23:25:29 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-02 00:37:14 460,232 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-06 23:25:29 460,232 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 17:12 386752]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-28 19:32 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 11:59 24576]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-01 14:56 180269]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-20 00:09 144384]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-15 14:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:12 135168]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 00:10 380928 C:\WINDOWS\system32\irprops.cpl]
    "AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.exe" [2005-10-14 12:32 180327]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 10:43 88363 C:\WINDOWS\AGRSMMSG.exe]
    "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160]
    "Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe" [2003-03-26 22:15 315458]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
    "tf1"="C:\Program Files\Player Video TF1\tf1.exe" [2006-08-11 11:00 1015296]
    "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 09:28 72192]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 14:53 98304]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12 53248]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
    "PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe" [2003-03-26 22:12 454656]
    "pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe" [2003-03-26 22:19 274432]
    "oouserv6.exe"="C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe" [2003-06-30 06:00 256000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

    R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-10-13 16:32]
    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S0 rhqtrpaa;rhqtrpaa;C:\WINDOWS\system32\drivers\vrburhmq.dat []
    S2 muvpozfe;SAMSUNG Mobile USB Modem II 1.0 sMonitor;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    muvpozfe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-06 21:00:00 C:\WINDOWS\Tasks\{F47B0D2A-716E-40AE-B7BD-592D858EFBE5}_PCTEK_ANTHONY PIRES.job"
    - C:\WINDOWS\system32\mobsync.exeH /Schedule=
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-08 21:05:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-08 21:11:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-08 20:11:40
    ComboFix2.txt 2008-01-06 20:50:19
    .
    2007-12-14 02:18:49 --- E O F ---

    encore mercipr ton aide
    8 Janvier 2008 22:12:57

    bonsoir
    Il y a un fichier qui résiste...

    1

    Copie (Ctrl+C) le texte ci-dessous :
    Killall::
    Driver::
    rhqtrpaa

    File::
    C:\WINDOWS\system32\drivers\vrburhmq.dat



    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    2

    Merci de bien lire et suivre attentivement ce qui est écrit car tu dois appuyer sur une touche lors du scan.. si tu ne le fais pas le rapport ne sera pas entier et tu devras recommencer donc :

    - Télécharge DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    - Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    - Un nouveau dossier chercher va être créé DiagHelp
    - Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    - Une fenêtre va s'ouvrir, choisis l'option 1
    - L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

    ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

    - A la fin de l'analyse, il peut-être (pas obligatoire) demandé de redemanderl'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
    - Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    -- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    -- A nouveau menu Edition / copier
    -- Dans un nouveau message ici, faire un clic droit / coller

    9 Janvier 2008 00:42:24

    re,
    voila le scan combofix

    ComboFix 08-01-04.1 - ANTHONY PIRES 2008-01-09 0:02:35.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.76 [GMT 1:00]
    Running from: C:\Documents and Settings\ANTHONY PIRES\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ANTHONY PIRES\Bureau\CFscript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\drivers\vrburhmq.dat
    .

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-07 13:44 . 2008-01-07 13:44 <REP> d-------- C:\Program Files\SpywareBlaster
    2008-01-07 13:44 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
    2008-01-07 13:44 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-01-06 20:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 00:21 . 2008-01-06 00:21 10,551,790 --a------ C:\upload_moi_PCTEK.tar.gz
    2008-01-05 22:26 . 2008-01-05 22:26 <REP> d-------- C:\Program Files\Neuf
    2008-01-05 16:15 . 2003-11-03 14:19 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\WINDOWS
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\Voisinage r‚seau
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\Voisinage d'impression
    2008-01-05 16:15 . 2003-11-03 09:49 <REP> d--h----- C:\Documents and Settings\Administrateur.PCTEK\ModŠles
    2008-01-05 16:15 . 2003-11-05 10:25 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Mes documents
    2008-01-05 16:15 . 2003-11-03 09:46 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Menu D‚marrer
    2008-01-05 16:15 . 2003-11-03 09:59 <REP> dr------- C:\Documents and Settings\Administrateur.PCTEK\Favoris
    2008-01-05 16:15 . 2003-11-14 15:14 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\Bureau
    2008-01-05 16:15 . 2003-11-05 10:08 <REP> d-------- C:\Documents and Settings\Administrateur.PCTEK\Application Data\OFFICE One v6
    2007-12-31 02:41 . 2007-12-31 02:41 <REP> d-------- C:\Program Files\CCleaner
    2007-12-29 16:03 . 2007-12-29 16:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-28 18:05 . 2003-11-03 14:19 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-12-28 18:05 . 2003-11-03 09:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-12-28 18:05 . 2003-11-05 10:25 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-12-28 18:05 . 2003-11-03 09:46 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-12-28 18:05 . 2003-11-03 09:59 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-12-28 18:05 . 2003-11-14 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-12-28 15:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-26 16:40 . 2007-12-26 16:40 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2007-12-17 00:25 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2007-12-17 00:24 . 2007-12-17 00:24 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-12-17 00:24 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-12-17 00:24 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-12-17 00:24 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-12-17 00:24 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-12-17 00:24 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-12-17 00:24 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-12-17 00:24 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-12-17 00:23 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2007-12-17 00:23 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-08 23:13 --------- d-----w C:\Program Files\AVPersonal
    2007-12-31 01:47 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-12-29 15:29 --------- d-----w C:\Program Files\Trend Micro
    2007-12-27 19:16 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-12-23 23:18 --------- d-----w C:\Program Files\eMule
    2007-12-19 22:17 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-19 22:16 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-16 23:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-16 23:22 --------- d-----w C:\Program Files\Samsung
    2007-12-01 02:05 --------- d-----w C:\Program Files\Windows Live
    2007-11-27 21:18 --------- d-----w C:\Program Files\BitComet
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2005-03-24 14:24 976,020 -c--a-w C:\Program Files\BDAXP.cab
    2005-03-24 14:24 911,188 -c--a-w C:\Program Files\Apr2005_MDX_x86.cab
    2005-03-24 14:24 72,400 -c--a-w C:\Program Files\DSETUP.dll
    2005-03-24 14:24 703,080 -c--a-w C:\Program Files\BDA.cab
    2005-03-24 14:24 66,520 -c--a-w C:\Program Files\dxupdate.cab
    2005-03-24 14:24 480,976 ----a-w C:\Program Files\DXSETUP.exe
    2005-03-24 14:24 2,245,328 -c--a-w C:\Program Files\dsetup32.dll
    2005-03-24 14:24 15,493,481 -c--a-w C:\Program Files\DirectX.cab
    2005-03-24 14:24 13,265,040 -c--a-w C:\Program Files\dxnt.cab
    2005-03-24 14:24 1,348,242 -c--a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
    2005-03-24 14:24 1,156,363 -c--a-w C:\Program Files\BDANT.cab
    2005-03-24 14:24 1,079,850 -c--a-w C:\Program Files\Apr2005_d3dx9_25_x86.cab
    2004-05-09 19:36 15,900,672 ----a-w C:\Documents and Settings\ANTHONY PIRES\Photoshop.exe
    2002-04-23 18:09 5,181,440 ----a-w C:\Documents and Settings\ANTHONY PIRES\ExtRsrc.dll
    2002-04-16 12:04 4,059,242 ------w C:\Documents and Settings\ANTHONY PIRES\ImageReadyRes.dll
    2002-04-15 17:54 13,336,651 ------w C:\Documents and Settings\ANTHONY PIRES\ImageReady.exe
    2002-04-15 17:32 331,776 ------w C:\Documents and Settings\ANTHONY PIRES\JS32.dll
    2002-04-06 15:37 897,024 ------w C:\Documents and Settings\ANTHONY PIRES\Photoshop.dll
    2002-04-06 15:37 2,445,312 ------w C:\Documents and Settings\ANTHONY PIRES\PSViews.dll
    2002-04-05 14:18 462,848 ------w C:\Documents and Settings\ANTHONY PIRES\ACE.dll
    2002-04-01 01:29 53,248 ------w C:\Documents and Settings\ANTHONY PIRES\Plugin.dll
    2002-03-26 16:42 1,458,176 ------w C:\Documents and Settings\ANTHONY PIRES\CoolType.dll
    2002-03-13 03:24 94,208 ------w C:\Documents and Settings\ANTHONY PIRES\OPP.dll
    2002-03-13 03:24 929,792 ------w C:\Documents and Settings\ANTHONY PIRES\AGM.dll
    2002-03-13 03:24 3,485,696 ------w C:\Documents and Settings\ANTHONY PIRES\MPS.dll
    2002-03-13 03:24 2,920,448 ------w C:\Documents and Settings\ANTHONY PIRES\PDFL50.dll
    2002-03-05 14:10 4,265 ------w C:\Documents and Settings\ANTHONY PIRES\Photoshop.reg
    2002-02-27 03:24 167,936 ------w C:\Documents and Settings\ANTHONY PIRES\Bib.dll
    2001-12-06 14:24 61,440 ------w C:\Documents and Settings\ANTHONY PIRES\Uninst.dll
    2001-06-29 16:38 712,751 ----a-w C:\Documents and Settings\ANTHONY PIRES\Asn.er.dll
    2001-02-16 11:40 19,456 ------w C:\Documents and Settings\ANTHONY PIRES\PSUT9516.DLL
    2000-10-10 13:49 23,024 ------w C:\Documents and Settings\ANTHONY PIRES\Shfolder.dll
    2000-10-10 13:49 20,480 ------w C:\Documents and Settings\ANTHONY PIRES\Psut9532.dll
    1993-07-22 23:00 210,944 ------w C:\Documents and Settings\ANTHONY PIRES\Msvcrt10.dll
    2005-05-29 13:15 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-06_21.47.30.78 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-02 00:37:14 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-06 23:25:29 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-02 00:37:14 71,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-06 23:25:29 71,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-02 00:37:14 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-06 23:25:29 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-02 00:37:14 460,232 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-06 23:25:29 460,232 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 17:12 386752]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-28 19:32 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 11:59 24576]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-01 14:56 180269]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-20 00:09 144384]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-15 14:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
    "MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:12 135168]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 13:14 311350]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 00:10 380928 C:\WINDOWS\system32\irprops.cpl]
    "AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.exe" [2005-10-14 12:32 180327]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 10:43 88363 C:\WINDOWS\AGRSMMSG.exe]
    "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160]
    "Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe" [2003-03-26 22:15 315458]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
    "tf1"="C:\Program Files\Player Video TF1\tf1.exe" [2006-08-11 11:00 1015296]
    "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 09:28 72192]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 14:53 98304]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12 53248]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
    "PCCClient.exe"="C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe" [2003-03-26 22:12 454656]
    "pccguide.exe"="C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe" [2003-03-26 22:19 274432]
    "oouserv6.exe"="C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe" [2003-06-30 06:00 256000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

    R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-10-13 16:32]
    R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52]
    S2 muvpozfe;SAMSUNG Mobile USB Modem II 1.0 sMonitor;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    muvpozfe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-08 21:00:04 C:\WINDOWS\Tasks\{F47B0D2A-716E-40AE-B7BD-592D858EFBE5}_PCTEK_ANTHONY PIRES.job"
    - C:\WINDOWS\system32\mobsync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 00:15:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 0:20:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-08 23:20:49
    ComboFix2.txt 2008-01-08 20:11:46
    ComboFix3.txt 2008-01-06 20:50:19
    .
    2007-12-14 02:18:49 --- E O F ---

    et le rapport diaghelp


    DiagHelp version v1.4 - http://www.malekal.com
    excute le 09/01/2008 à 0:24:40,73


    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->09/01/2008 00:24:27
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->09/01/2008 00:24:16
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->09/01/2008 00:23:11
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->09/01/2008 00:22:43
    C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->09/01/2008 00:21:08
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->09/01/2008 00:21:05
    C:\WINDOWS\prefetch\LISTDLLS.CFEXE-163777B3.pf -->09/01/2008 00:20:54
    C:\WINDOWS\prefetch\NIRCMD.EXE-1F7FED22.pf -->09/01/2008 00:20:52
    C:\WINDOWS\prefetch\DUMPHIVE.CFEXE-2ED3B134.pf -->09/01/2008 00:20:48
    C:\WINDOWS\prefetch\CATCHME.CFEXE-0F2A0789.pf -->09/01/2008 00:20:44

    C:\WINDOWS\System32\drivers\tcpip.sys -->31/12/2007 02:47:37
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
    C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 11:32:54
    C:\WINDOWS\System32\drivers\ntfs.sys -->09/02/2007 12:10:35
    C:\WINDOWS\System32\drivers\wpdusb.sys -->18/10/2006 20:00:00
    C:\WINDOWS\System32\drivers\WudfRd.sys -->28/09/2006 19:00:34
    C:\WINDOWS\System32\drivers\WudfPf.sys -->28/09/2006 18:55:50

    C:\WINDOWS\System32\imail40.rtl -->22/04/2009 20:24:48
    C:\WINDOWS\System32\ComDlg32.ocx -->22/04/2009 20:24:48
    C:\WINDOWS\System32\wpa.dbl -->09/01/2008 00:14:47
    C:\WINDOWS\System32\PerfStringBackup.INI -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfh00C.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfh009.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfc00C.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfc009.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\FNTCACHE.DAT -->31/12/2007 03:07:05
    C:\WINDOWS\System32\BitCometRes.dll -->20/12/2007 21:44:13
    C:\WINDOWS\System32\TZLog.log -->14/12/2007 03:11:16
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->26/10/2007 08:26:28
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\LegitCheckControl.dll -->11/10/2007 14:12:48
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\url.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\occache.dll -->11/10/2007 00:49:45

    C:\WINDOWS\system.ini -->09/01/2008 00:15:08
    C:\WINDOWS\0.log -->09/01/2008 00:13:57
    C:\WINDOWS\WindowsUpdate.log -->09/01/2008 00:13:56
    C:\WINDOWS\ModemLog_Creative Modem Blaster DI5733.txt -->09/01/2008 00:13:56
    C:\WINDOWS\wiadebug.log -->09/01/2008 00:13:54
    C:\WINDOWS\wiaservc.log -->09/01/2008 00:13:50
    C:\WINDOWS\bootstat.dat -->09/01/2008 00:11:29
    C:\WINDOWS\SchedLgU.Txt -->09/01/2008 00:09:59
    C:\WINDOWS\setupapi.log -->07/01/2008 13:48:23
    C:\WINDOWS\iis6.log -->07/01/2008 00:26:20
    C:\WINDOWS\comsetup.log -->07/01/2008 00:26:19
    C:\WINDOWS\tsoc.log -->07/01/2008 00:26:18
    C:\WINDOWS\ocmsn.log -->07/01/2008 00:26:18
    C:\WINDOWS\ntdtcsetup.log -->07/01/2008 00:26:18
    C:\WINDOWS\imsins.log -->07/01/2008 00:26:18

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Unsigned
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed


    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 200
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x52000000 0x7000 4.80.3008.0001 C:\WINDOWS\system32\INDICDLL.dll
    0x10000000 0xd000 7.00.0009.0050 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x01f70000 0x5b000 1.01.0000.0000 C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x015e0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x025f0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x02c80000 0x2b000 C:\Program Files\WinRAR\rarext.dll
    0x03110000 0x74000 C:\WINDOWS\system32\OoneZipPopup.dll
    0x03360000 0x94000 6.05.0001.0000 C:\WINDOWS\system32\OoPdfManagerPopup.dll
    0x01200000 0xf000 9.00.0005.1389 C:\Program Files\Trend Micro\PC-cillin 9\Tmdshell.dll
    0x01220000 0xa000 6.30.0000.0001 C:\Program Files\AVPersonal\AVShlExt.DLL

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 488
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01220000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\WINDOWS\system32

    20/08/2004 00:09 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 15 840 759 808 octets libres
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\WINDOWS\system32

    28/07/2003 15:19 1 323 008 dmcpl.exe
    1 fichier(s) 1 323 008 octets
    0 Rép(s) 15 840 759 808 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\WINDOWS\Downloaded Program Files

    08/01/2008 14:13 <REP> .
    08/01/2008 14:13 <REP> ..
    18/04/2006 15:04 159 040 AdSignerADP.dll
    13/04/2006 09:11 747 AdSignerADP.inf
    18/04/2006 15:04 273 728 AdVerifierADP.dll
    03/11/2003 09:51 65 desktop.ini
    14/10/1997 18:52 697 DirectAnimation Java Classes.osd
    25/07/2002 16:13 24 576 dwusplay.dll
    25/07/2002 16:13 196 608 dwusplay.exe
    09/02/2005 16:54 1 271 erma.inf
    13/04/2007 02:14 382 344 GAME_UNO1.dll
    17/01/2007 15:44 316 GAME_UNO1.INF
    16/05/2007 07:22 399 gp.inf
    02/07/2005 10:02 378 ImageUploader3.inf
    02/07/2005 10:02 1 873 432 ImageUploader3.ocx
    25/07/2002 16:05 172 032 isusweb.dll
    15/05/2006 17:48 367 LegitCheckControl.inf
    24/07/2004 20:25 1 279 032 mavenInstaller-0.exe
    14/05/2004 14:54 1 018 mcfscan.inf
    29/05/2003 14:00 160 864 messengerstatsclient.dll
    22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
    20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
    29/05/2003 14:00 77 408 msgrchkr.dll
    14/07/2005 11:41 322 240 MsnInstC.dll
    14/07/2005 13:11 249 MsnInstC.inf
    30/06/2005 14:19 227 MsnMessengerSetupDownloader.inf
    13/08/2005 23:26 113 664 MsnMessengerSetupDownloader.ocx
    08/10/2004 15:01 372 736 MsnPUpld.dll
    08/10/2004 15:13 587 MSNPupld.inf
    26/05/2005 03:19 293 muweb.inf
    22/09/2004 14:59 110 592 PURen-us.dll
    15/10/2004 06:59 110 592 PURfr-xx.dll
    29/05/2003 14:00 86 112 solitaireshowdown.dll
    09/11/2006 14:36 5 019 swflash.inf
    27/10/2002 19:32 3 036 wmv9dmo.inf
    24/03/2004 17:17 1 777 xscan.inf
    24/03/2004 17:22 435 712 xscan53.ocx
    27/06/2003 17:51 209 489 ycomp5_1_6_0.dll
    27/06/2003 18:06 326 ycomp5_1_6_0.inf
    37 fichier(s) 6 682 679 octets

    Total des fichiers listés :
    37 fichier(s) 6 682 679 octets
    2 Rép(s) 15 840 755 712 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..


    Liste des fichiers en exception sur le pare-feu XP SP2



    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001



    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 00:25:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,c8,24,c7,d6,77,2f,ce,96,70,78,03,a1,d7,10,c2,54,a0,..
    "hj34z0"=hex:07,0e,ae,1f,cf,24,15,d5,97,4c,d5,20,34,b4,06,fc,0c,03,b2,50,25,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\iasacct.dll 23552 bytes executable
    C:\WINDOWS\system32\iasads.dll 41472 bytes executable
    C:\WINDOWS\system32\iashlpr.dll 32256 bytes executable
    C:\WINDOWS\system32\iasnap.dll 62464 bytes executable
    C:\WINDOWS\system32\iaspolcy.dll 17920 bytes executable
    C:\WINDOWS\system32\iasrad.dll 119808 bytes executable
    C:\WINDOWS\system32\iasrecst.dll 141312 bytes executable
    C:\WINDOWS\system32\iassam.dll 86528 bytes executable
    C:\WINDOWS\system32\iassdo.dll 253440 bytes executable
    C:\WINDOWS\system32\iassvcs.dll 62976 bytes executable
    C:\WINDOWS\system32\icaapi.dll 11264 bytes executable
    C:\WINDOWS\system32\icardie.dll 63488 bytes executable
    C:\WINDOWS\system32\iccvid.dll 80384 bytes executable
    C:\WINDOWS\system32\icfgnt5.dll 16384 bytes executable
    C:\WINDOWS\system32\icm32.dll 254976 bytes executable
    C:\WINDOWS\system32\icmp.dll 3584 bytes executable
    C:\WINDOWS\system32\icmui.dll 56320 bytes executable
    C:\WINDOWS\system32\icrav03.rat 8798 bytes
    C:\WINDOWS\system32\icsxml
    C:\WINDOWS\system32\OoneZipPopup.dll 452608 bytes executable
    C:\WINDOWS\system32\OoPdfManagerPopup.dll 587776 bytes executable
    C:\WINDOWS\system32\opengl32.dll 713728 bytes executable
    C:\WINDOWS\system32\osk.exe 216576 bytes executable
    C:\WINDOWS\system32\osuninst.dll 68096 bytes executable
    C:\WINDOWS\system32\osuninst.exe 41984 bytes executable
    C:\WINDOWS\system32\p2p.dll 116224 bytes executable
    C:\WINDOWS\system32\p2pgasvc.dll 86016 bytes executable
    C:\WINDOWS\system32\p2pgraph.dll 312320 bytes executable
    C:\WINDOWS\system32\p2pnetsh.dll 88064 bytes executable
    C:\WINDOWS\system32\p2psvc.dll 526848 bytes executable
    C:\WINDOWS\system32\packager.exe 59904 bytes executable
    C:\WINDOWS\system32\panmap.dll 10240 bytes executable
    C:\WINDOWS\system32\paqsp.dll 157696 bytes executable
    C:\WINDOWS\system32\pathping.exe 22528 bytes executable
    C:\WINDOWS\system32\pautoenr.dll 65024 bytes executable
    C:\WINDOWS\system32\svchost.exe 14336 bytes executable
    C:\WINDOWS\system32\svcpack.dll 6144 bytes executable
    C:\WINDOWS\system32\swprv.dll 139264 bytes executable
    C:\WINDOWS\system32\swreg.exe 156160 bytes executable
    C:\WINDOWS\system32\swsc.exe 136704 bytes executable
    C:\WINDOWS\system32\swxcacls.exe 212480 bytes executable
    C:\WINDOWS\system32\sxs.dll 716800 bytes executable
    C:\WINDOWS\system32\syncapp.exe 51200 bytes executable
    C:\WINDOWS\system32\synceng.dll 57856 bytes executable
    C:\WINDOWS\system32\syncui.dll 197120 bytes executable
    C:\WINDOWS\system32\sysdm.cpl 305152 bytes executable
    C:\WINDOWS\system32\sysedit.exe 19216 bytes
    C:\WINDOWS\system32\sysinv.dll 15872 bytes executable
    C:\WINDOWS\system32\syskey.exe 37888 bytes executable
    C:\WINDOWS\system32\sysmon.ocx 220672 bytes executable
    C:\WINDOWS\system32\sysocmgr.exe 107520 bytes executable
    C:\WINDOWS\system32\sysprint.sep 3214 bytes
    C:\WINDOWS\system32\sysprtj.sep 3577 bytes
    C:\WINDOWS\system32\syssetup.dll 1005056 bytes executable
    C:\WINDOWS\system32\system.drv 3360 bytes
    C:\WINDOWS\system32\msprivs.dll 48128 bytes executable
    C:\WINDOWS\system32\msr2c.dll 69632 bytes executable
    C:\WINDOWS\system32\msr2cenu.dll 7168 bytes executable
    C:\WINDOWS\system32\msratelc.dll 65536 bytes executable
    C:\WINDOWS\system32\msrating.dll 193024 bytes executable
    C:\WINDOWS\system32\msrclr40.dll 73802 bytes executable
    C:\WINDOWS\system32\msrd2x35.dll 252176 bytes executable
    C:\WINDOWS\system32\msrd2x40.dll 421919 bytes executable
    C:\WINDOWS\system32\msrd3x40.dll 315423 bytes executable
    C:\WINDOWS\system32\msrecr40.dll 28746 bytes executable
    C:\WINDOWS\system32\msrepl35.dll 407312 bytes executable
    C:\WINDOWS\system32\msrepl40.dll 552989 bytes executable
    C:\WINDOWS\system32\msrle32.dll 11264 bytes executable
    C:\WINDOWS\system32\mssap.dll 134656 bytes executable
    C:\WINDOWS\system32\msscds32.ax 69632 bytes executable
    C:\WINDOWS\system32\msscp.dll 414720 bytes executable
    C:\WINDOWS\system32\msscript.ocx 102400 bytes executable
    C:\WINDOWS\system32\config
    C:\WINDOWS\system32\CRUNX.BIN 115 bytes
    C:\WINDOWS\system32\c_1256.nls 66082 bytes
    C:\WINDOWS\system32\c_874.nls 66594 bytes
    C:\WINDOWS\system32\datime.dll 152064 bytes executable
    C:\WINDOWS\system32\ddeml.dll 39424 bytes
    C:\WINDOWS\system32\dfrgres.dll 55808 bytes executable
    C:\WINDOWS\system32\diskmgmt.msc 33311 bytes
    C:\WINDOWS\system32\dmconfig.dll 330752 bytes executable
    C:\WINDOWS\system32\c_1257.nls 66082 bytes
    C:\WINDOWS\system32\c_1258.nls 66082 bytes
    C:\WINDOWS\system32\c_20127.nls 66082 bytes
    C:\WINDOWS\system32\c_20261.nls 139810 bytes
    C:\WINDOWS\system32\c_20866.nls 66082 bytes
    C:\WINDOWS\system32\c_20905.nls 66082 bytes
    C:\WINDOWS\system32\c_21866.nls 66082 bytes
    C:\WINDOWS\system32\c_28591.nls 66082 bytes
    C:\WINDOWS\system32\c_28592.nls 66082 bytes
    C:\WINDOWS\system32\c_28593.nls 66082 bytes
    C:\WINDOWS\system32\C_28594.NLS 66082 bytes
    C:\WINDOWS\system32\C_28595.NLS 66082 bytes
    C:\WINDOWS\system32\C_28597.NLS 66082 bytes
    C:\WINDOWS\system32\c_28598.nls 66082 bytes
    C:\WINDOWS\system32\c_28599.nls 66082 bytes
    C:\WINDOWS\system32\c_28603.nls 66082 bytes
    C:\WINDOWS\system32\c_28605.nls 66082 bytes
    C:\WINDOWS\system32\c_437.nls 66594 bytes
    C:\WINDOWS\system32\c_500.nls 66082 bytes
    C:\WINDOWS\system32\c_737.nls 66594 bytes
    C:\WINDOWS\system32\c_775.nls 66594 bytes
    C:\WINDOWS\system32\c_850.nls 66594 bytes
    C:\WINDOWS\system32\c_852.nls 66594 bytes
    C:\WINDOWS\system32\c_855.nls 66594 bytes
    C:\WINDOWS\system32\c_857.nls 66594 bytes
    C:\WINDOWS\system32\c_860.nls 66594 bytes
    C:\WINDOWS\system32\c_861.nls 66594 bytes
    C:\WINDOWS\system32\c_863.nls 66594 bytes
    C:\WINDOWS\system32\c_865.nls 66594 bytes
    C:\WINDOWS\system32\c_866.nls 66594 bytes
    C:\WINDOWS\system32\c_869.nls 66594 bytes
    C:\WINDOWS\system32\CONFIG.NT 3072 bytes
    C:\WINDOWS\system32\CONFIG.TMP 3072 bytes
    C:\WINDOWS\system32\confmsp.dll 346112 bytes executable
    C:\WINDOWS\system32\conime.exe 27648 bytes executable
    C:\WINDOWS\system32\console.dll 67072 bytes executable
    C:\WINDOWS\system32\control.exe 8192 bytes executable
    C:\WINDOWS\system32\convert.exe 13824 bytes executable
    C:\WINDOWS\system32\corpol.dll 17408 bytes executable
    C:\WINDOWS\system32\country.sys 27097 bytes
    C:\WINDOWS\system32\credui.dll 165888 bytes executable
    C:\WINDOWS\system32\crtdll.dll 149019 bytes executable
    C:\WINDOWS\system32\CRun500.dll 208896 bytes executable
    C:\WINDOWS\system32\c_875.nls 66082 bytes
    C:\WINDOWS\system32\c_932.nls 162850 bytes
    C:\WINDOWS\system32\c_936.nls 196642 bytes
    C:\WINDOWS\system32\c_949.nls 196642 bytes
    C:\WINDOWS\system32\c_950.nls 196642 bytes
    C:\WINDOWS\system32\d3d8.dll 1179648 bytes executable
    C:\WINDOWS\system32\d3d8thk.dll 8192 bytes executable
    C:\WINDOWS\system32\d3d9.dll 1689088 bytes executable
    C:\WINDOWS\system32\d3dim.dll 436224 bytes executable
    C:\WINDOWS\system32\d3dim700.dll 825344 bytes executable
    C:\WINDOWS\system32\d3dpmesh.dll 34816 bytes executable
    C:\WINDOWS\system32\d3dramp.dll 590336 bytes executable
    C:\WINDOWS\system32\d3drm.dll 350208 bytes executable
    C:\WINDOWS\system32\d3dx9_25.dll 2337488 bytes executable
    C:\WINDOWS\system32\d3dx9_32.dll 3426072 bytes executable
    C:\WINDOWS\system32\d3dxof.dll 47616 bytes executable
    C:\WINDOWS\system32\danim.dll 1056768 bytes executable
    C:\WINDOWS\system32\dataclen.dll 55296 bytes executable
    C:\WINDOWS\system32\ddeshare.exe 31744 bytes executable
    C:\WINDOWS\system32\ddraw.dll 266240 bytes executable
    C:\WINDOWS\system32\ddrawex.dll 27136 bytes executable
    C:\WINDOWS\system32\debug.exe 21162 bytes
    C:\WINDOWS\system32\defrag.exe 25088 bytes executable
    C:\WINDOWS\system32\desk.cpl 138240 bytes executable
    C:\WINDOWS\system32\deskadp.dll 16896 bytes executable
    C:\WINDOWS\system32\deskmon.dll 16896 bytes executable
    C:\WINDOWS\system32\deskperf.dll 18944 bytes executable
    C:\WINDOWS\system32\desktop.ini 2 bytes
    C:\WINDOWS\system32\devenum.dll 59904 bytes executable
    C:\WINDOWS\system32\devmgmt.msc 32738 bytes
    C:\WINDOWS\system32\devmgr.dll 290816 bytes executable
    C:\WINDOWS\system32\dfrg.msc 41131 bytes
    C:\WINDOWS\system32\dfrgfat.exe 82432 bytes executable
    C:\WINDOWS\system32\dfrgntfs.exe 104960 bytes executable
    C:\WINDOWS\system32\diskpart.exe 167936 bytes executable
    C:\WINDOWS\system32\diskperf.exe 19456 bytes executable
    C:\WINDOWS\system32\dispex.dll 45083 bytes executable
    C:\WINDOWS\system32\DivX.dll 619156 bytes executable
    C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 118784 bytes executable
    C:\WINDOWS\system32\divxdec.ax 221215 bytes executable
    C:\WINDOWS\system32\DivXMedia.ax 352401 bytes executable
    C:\WINDOWS\system32\DivXsm.exe 536576 bytes executable
    C:\WINDOWS\system32\divxsm.tlb 4276 bytes
    C:\WINDOWS\system32\DivXWMPExtType.dll 12288 bytes executable
    C:\WINDOWS\system32\divx_xx07.dll 778240 bytes executable
    C:\WINDOWS\system32\divx_xx0c.dll 778240 bytes executable
    C:\WINDOWS\system32\divx_xx11.dll 761856 bytes executable
    C:\WINDOWS\system32\dllcache
    C:\WINDOWS\system32\dllhost.exe 5120 bytes executable
    C:\WINDOWS\system32\dllhst3g.exe 4608 bytes executable
    C:\WINDOWS\system32\dmadmin.exe 225280 bytes executable
    C:\WINDOWS\system32\dmband.dll 28672 bytes executable
    C:\WINDOWS\system32\dmcompos.dll 61440 bytes executable
    C:\WINDOWS\system32\docprop2.dll 48640 bytes executable
    C:\WINDOWS\system32\doskey.exe 10752 bytes executable
    C:\WINDOWS\system32\dosx.exe 54080 bytes
    C:\WINDOWS\system32\dpcdll.dll 97792 bytes executable
    C:\WINDOWS\system32\dpl100.dll 90112 bytes executable
    C:\WINDOWS\system32\dplay.dll 33040 bytes executable
    C:\WINDOWS\system32\dplaysvr.exe 30208 bytes executable
    C:\WINDOWS\system32\dplayx.dll 229888 bytes executable
    C:\WINDOWS\system32\dpmodemx.dll 24064 bytes executable
    C:\WINDOWS\system32\dpnaddr.dll 3584 bytes executable
    C:\WINDOWS\system32\dpnet.dll 375296 bytes executable
    C:\WINDOWS\system32\dpnhpast.dll 35328 bytes executable
    C:\WINDOWS\system32\dpnhupnp.dll 60928 bytes executable
    C:\WINDOWS\system32\dpnlobby.dll 3584 bytes executable
    C:\WINDOWS\system32\dpnmodem.dll 62464 bytes executable
    C:\WINDOWS\system32\dpnsvr.exe 18432 bytes executable
    C:\WINDOWS\system32\dpnwsock.dll 61952 bytes executable
    C:\WINDOWS\system32\ds16gt.dLL 4656 bytes
    C:\WINDOWS\system32\ds32gt.dll 16384 bytes executable
    C:\WINDOWS\system32\dsauth.dll 62976 bytes executable
    C:\WINDOWS\system32\DSCIPLib2.dll 200704 bytes executable
    C:\WINDOWS\system32\dsdmo.dll 181760 bytes executable
    C:\WINDOWS\system32\dsdmoprp.dll 72192 bytes executable
    C:\WINDOWS\system32\dskquota.dll 93696 bytes executable
    C:\WINDOWS\system32\dskquoui.dll 150016 bytes executable
    C:\WINDOWS\system32\dsm_de.qm 15331 bytes
    C:\WINDOWS\system32\dsm_fr.qm 15172 bytes
    C:\WINDOWS\system32\dsm_ja.qm 10716 bytes
    C:\WINDOWS\system32\dsound.dll 367616 bytes executable
    C:\WINDOWS\system32\dsound.vxd 81 bytes
    C:\WINDOWS\system32\dsound3d.dll 1294336 bytes executable
    C:\WINDOWS\system32\dsprop.dll 145408 bytes executable
    C:\WINDOWS\system32\dsprpres.dll 4096 bytes executable
    C:\WINDOWS\system32\dsquery.dll 240640 bytes executable
    C:\WINDOWS\system32\erdmpg-hi.dll 1537536 bytes executable
    C:\WINDOWS\system32\ersvc.dll 23040 bytes executable
    C:\WINDOWS\system32\es.dll 243200 bytes executable
    C:\WINDOWS\system32\esccmd.dll 22016 bytes executable
    C:\WINDOWS\system32\escimgd.dll 46080 bytes executable
    C:\WINDOWS\system32\escwiad.dll 29696 bytes executable
    C:\WINDOWS\system32\esent.dll 1097728 bytes executable
    C:\WINDOWS\system32\esent97.dll 1114896 bytes executable
    C:\WINDOWS\system32\esentprf.dll 17408 bytes executable
    C:\WINDOWS\system32\esentprf.hxx 6708 bytes
    C:\WINDOWS\system32\esentprf.ini 1015477 bytes
    C:\WINDOWS\system32\esentutl.exe 39424 bytes executable
    C:\WINDOWS\system32\eudcedit.exe 195072 bytes executable
    C:\WINDOWS\system32\eula.txt 37774 bytes
    C:\WINDOWS\system32\eventcls.dll 33280 bytes executable
    C:\WINDOWS\system32\eventlog.dll 55808 bytes executable
    C:\WINDOWS\system32\eventvwr.exe 9216 bytes executable
    C:\WINDOWS\system32\findstr.exe 29184 bytes executable
    C:\WINDOWS\system32\finger.exe 10240 bytes executable
    C:\WINDOWS\system32\firewall.cpl 80384 bytes executable
    C:\WINDOWS\system32\fixmapi.exe 3072 bytes executable
    C:\WINDOWS\system32\fldrclnr.dll 88064 bytes executable
    C:\WINDOWS\system32\fltlib.dll 16896 bytes executable
    C:\WINDOWS\system32\fltmc.exe 23040 bytes executable
    C:\WINDOWS\system32\fmifs.dll 16384 bytes executable
    C:\WINDOWS\system32\FNTCACHE.DAT 363320 bytes
    C:\WINDOWS\system32\fontext.dll 386560 bytes executable
    C:\WINDOWS\system32\fontsub.dll 80896 bytes executable
    C:\WINDOWS\system32\fontview.exe 21504 bytes executable
    C:\WINDOWS\system32\forcedos.exe 7168 bytes executable
    C:\WINDOWS\system32\format.com 25600 bytes executable
    C:\WINDOWS\system32\fr-fr
    C:\WINDOWS\system32\framebuf.dll 9344 bytes executable
    C:\WINDOWS\system32\framedyn.dll 174592 bytes executable
    C:\WINDOWS\system32\freecell.exe 55808 bytes executable
    C:\WINDOWS\system32\fsmgmt.msc 32409 bytes
    C:\WINDOWS\system32\fsquirt.exe 193024 bytes executable
    C:\WINDOWS\system32\fsusd.dll 81920 bytes executable
    C:\WINDOWS\system32\fsutil.exe 61952 bytes executable
    C:\WINDOWS\system32\ftp.exe 46080 bytes executable
    C:\WINDOWS\system32\kerberos.dll 295936 bytes executable
    C:\WINDOWS\system32\kernel32.dll 1049600 bytes executable
    C:\WINDOWS\system32\key01.sys 42809 bytes
    C:\WINDOWS\system32\keyboard.drv 2000 bytes
    C:\WINDOWS\system32\keyboard.sys 42537 bytes
    C:\WINDOWS\system32\keymgr.dll 157184 bytes executable
    C:\WINDOWS\system32\keystone.exe 286806 bytes executable
    C:\WINDOWS\system32\kmddsp.tsp 33280 bytes executable
    C:\WINDOWS\system32\korean.uce 12876 bytes
    C:\WINDOWS\system32\krnl386.exe 92608 bytes
    C:\WINDOWS\system32\ksproxy.ax 130048 bytes executable
    C:\WINDOWS\system32\kstvtune.ax 61952 bytes executable
    C:\WINDOWS\system32\ksuser.dll 4096 bytes executable
    C:\WINDOWS\system32\kswdmcap.ax 91648 bytes executable
    C:\WINDOWS\system32\ksxbar.ax 43008 bytes executable
    C:\WINDOWS\system32\l3codeca.acm 290816 bytes executable
    C:\WINDOWS\system32\l3codecp.acm 232448 bytes executable
    C:\WINDOWS\system32\L3CODECX.AX 98304 bytes executable
    C:\WINDOWS\system32\igmpagnt.dll 8192 bytes executable
    C:\WINDOWS\system32\ils.dll 81920 bytes executable
    C:\WINDOWS\system32\imaadp32.acm 16384 bytes executable
    C:\WINDOWS\system32\imagehlp.dll 144384 bytes executable
    C:\WINDOWS\system32\imagr5.dll 507904 bytes executable
    C:\WINDOWS\system32\imagx5.dll 532480 bytes executable
    C:\WINDOWS\system32\ImagXpr5.dll 275312 bytes executable
    C:\WINDOWS\system32\imail40.ocx 110592 bytes executable
    C:\WINDOWS\system32\imail40.rtl 256 bytes
    C:\WINDOWS\system32\imapi.exe 150016 bytes executable
    C:\WINDOWS\system32\IME
    C:\WINDOWS\system32\imeshare.dll 36921 bytes executable
    C:\WINDOWS\system32\imgutil.dll 36352 bytes executable
    C:\WINDOWS\system32\imm32.dll 110080 bytes executable
    C:\WINDOWS\system32\Indeo4.qtx 747008 bytes executable
    C:\WINDOWS\system32\indicdll.dll 13696 bytes executable
    C:\WINDOWS\system32\indicdll.win 13696 bytes executable
    C:\WINDOWS\system32\indounin.dll 65024 bytes executable
    C:\WINDOWS\system32\inetcfg.dll 282624 bytes executable
    C:\WINDOWS\system32\inetcomm.dll 683520 bytes executable
    C:\WINDOWS\system32\inetcpl.cpl 1831424 bytes executable
    C:\WINDOWS\system32\inetcplc.dll 121856 bytes executable
    C:\WINDOWS\system32\inetmib1.dll 33280 bytes executable
    C:\WINDOWS\system32\inetpp.dll 75264 bytes executable
    C:\WINDOWS\system32\inetppui.dll 16384 bytes executable
    C:\WINDOWS\system32\inetres.dll 50688 bytes executable
    C:\WINDOWS\system32\inetsrv
    C:\WINDOWS\system32\ipxpromn.dll 74240 bytes executable
    C:\WINDOWS\system32\ipxrip.dll 21504 bytes executable
    C:\WINDOWS\system32\ipxroute.exe 24576 bytes executable
    C:\WINDOWS\system32\ipxrtmgr.dll 39936 bytes executable
    C:\WINDOWS\system32\ipxsap.dll 66560 bytes executable
    C:\WINDOWS\system32\ipxwan.dll 20992 bytes executable
    C:\WINDOWS\system32\ir32_32.dll 199168 bytes executable
    C:\WINDOWS\system32\ir41_32.ax 848384 bytes executable
    C:\WINDOWS\system32\ir41_32.dll 756736 bytes executable
    C:\WINDOWS\system32\ir41_qc.dll 120320 bytes executable
    C:\WINDOWS\system32\ir41_qcx.dll 338432 bytes executable
    C:\WINDOWS\system32\ir50_32.dll 755200 bytes executable
    C:\WINDOWS\system32\ir50_32.qtx 675328 bytes executable
    C:\WINDOWS\system32\ir50_qc.dll 200192 bytes executable
    C:\WINDOWS\system32\ir50_qcx.dll 183808 bytes executable
    C:\WINDOWS\system32\irclass.dll 13312 bytes executable
    C:\WINDOWS\system32\irisco32.dll 23040 bytes executable
    C:\WINDOWS\system32\irprops.cpl 380928 bytes executable
    C:\WINDOWS\system32\kbdbene.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdblr.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdbr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdbu.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdca.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdcan.dll 7680 bytes executable
    C:\WINDOWS\system32\kbdcr.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdcz.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdcz1.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdcz2.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdda.dll 6144 bytes executable
    C:\WINDOWS\system32\kbddv.dll 5120 bytes executable
    C:\WINDOWS\system32\kbdes.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdest.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfc.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfi.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfi1.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdfo.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdgae.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdgkl.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdgr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdgr1.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdhe.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdhe220.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdhe319.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdhela2.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdhela3.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdhept.dll 8192 bytes executable
    C:\WINDOWS\system32\kbdhu.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdhu1.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdic.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdinbe1.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdinben.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdinmal.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdir.dll 5632 bytes executable
    C:\WINDOWS\system32\lprhelp.dll 10240 bytes executable
    C:\WINDOWS\system32\lprmonui.dll 9216 bytes executable
    C:\WINDOWS\system32\LQCUI2.dll 90112 bytes executable
    C:\WINDOWS\system32\lsasrv.dll 728576 bytes executable
    C:\WINDOWS\system32\lsass.exe 13312 bytes executable
    C:\WINDOWS\system32\LTDIS11n.dll 262656 bytes executable
    C:\WINDOWS\system32\LTDIS12N.DLL 259072 bytes executable
    C:\WINDOWS\system32\ltdis13n.dll 299008 bytes executable
    C:\WINDOWS\system32\LTEFX12N.DLL 207872 bytes executable
    C:\WINDOWS\system32\ltefx13n.dll 206336 bytes executable
    C:\WINDOWS\system32\ltfil11n.DLL 118784 bytes executable
    C:\WINDOWS\system32\LTFIL12N.DLL 131072 bytes executable
    C:\WINDOWS\system32\ltfil13n.dll 163840 bytes executable
    C:\WINDOWS\system32\ltimg11n.dll 127488 bytes executable
    C:\WINDOWS\system32\mciole16.dll 8192 bytes
    C:\WINDOWS\system32\mciole32.dll 7680 bytes executable
    C:\WINDOWS\system32\mciqtz.drv 11776 bytes
    C:\WINDOWS\system32\mciqtz32.dll 35328 bytes executable
    C:\WINDOWS\system32\mciseq.dll 23040 bytes executable
    C:\WINDOWS\system32\mciseq.drv 25280 bytes
    C:\WINDOWS\system32\mciwave.dll 23552 bytes executable
    C:\WINDOWS\system32\mciwave.drv 28160 bytes
    C:\WINDOWS\system32\MCMLDSC2.dll 339968 bytes executable
    C:\WINDOWS\system32\mdhcp.dll 50176 bytes executable
    C:\WINDOWS\system32\mdminst.dll 120320 bytes executable
    C:\WINDOWS\system32\mdmxsdk.dll 86016 bytes executable
    C:\WINDOWS\system32\mdwmdmsp.dll 147968 bytes executable
    C:\WINDOWS\system32\mem.exe 39434 bytes
    C:\WINDOWS\system32\mf3216.dll 40960 bytes executable
    C:\WINDOWS\system32\mfc40.dll 924432 bytes executable
    C:\WINDOWS\system32\mfc40loc.dll 45568 bytes executable
    C:\WINDOWS\system32\mfc40u.dll 927504 bytes executable
    C:\WINDOWS\system32\midimap.dll 18944 bytes executable
    C:\WINDOWS\system32\miglibnt.dll 60928 bytes executable
    C:\WINDOWS\system32\migpwd.exe 52736 bytes executable
    C:\WINDOWS\system32\mimefilt.dll 29696 bytes executable
    C:\WINDOWS\system32\mindex.dll 163840 bytes executable
    C:\WINDOWS\system32\mlang.dat 673088 bytes
    C:\WINDOWS\system32\mlang.dll 586240 bytes executable
    C:\WINDOWS\system32\mll_hp.dll 3584 bytes executable
    C:\WINDOWS\system32\mll_mtf.dll 7680 bytes executable
    C:\WINDOWS\system32\mll_qic.dll 5632 bytes executable
    C:\WINDOWS\system32\mmc.exe 816128 bytes executable
    C:\WINDOWS\system32\mmcbase.dll 79872 bytes executable
    C:\WINDOWS\system32\mmcndmgr.dll 1198080 bytes executable
    C:\WINDOWS\system32\mmcshext.dll 50688 bytes executable
    C:\WINDOWS\system32\mmdriver.inf 1490 bytes
    C:\WINDOWS\system32\mmdrv.dll 12288 bytes executable
    C:\WINDOWS\system32\mmfutil.dll 17920 bytes executable
    C:\WINDOWS\system32\mmsys.cpl 626176 bytes executable
    C:\WINDOWS\system32\mmsystem.dll 70688 bytes
    C:\WINDOWS\system32\mmtask.tsk 1152 bytes
    C:\WINDOWS\system32\mmutilse.dll 119808 bytes executable
    C:\WINDOWS\system32\mnmdd.dll 34560 bytes executable
    C:\WINDOWS\system32\mnmsrvc.exe 32768 bytes executable
    C:\WINDOWS\system32\mobsync.dll 210432 bytes executable
    C:\WINDOWS\system32\mobsync.exe 144384 bytes executable
    C:\WINDOWS\system32\modemui.dll 156160 bytes executable
    C:\WINDOWS\system32\modex.dll 10112 bytes executable
    C:\WINDOWS\system32\more.com 15872 bytes executable
    C:\WINDOWS\system32\moricons.dll 216064 bytes executable
    C:\WINDOWS\system32\mountvol.exe 8192 bytes executable
    C:\WINDOWS\system32\mouse.drv 2032 bytes
    C:\WINDOWS\system32\MP43DECD.dll 259072 bytes executable
    C:\WINDOWS\system32\MP43DMOD.dll 4096 bytes executable
    C:\WINDOWS\system32\MP4SDECD.dll 317440 bytes executable
    C:\WINDOWS\system32\MP4SDMOD.dll 4096 bytes executable
    C:\WINDOWS\system32\mpeg2data.ax 118272 bytes executable
    C:\WINDOWS\system32\mpg2splt.ax 148992 bytes executable
    C:\WINDOWS\system32\mpg4c32.dll 413760 bytes executable
    C:\WINDOWS\system32\MPG4DECD.dll 259072 bytes executable
    C:\WINDOWS\system32\MPG4DMOD.dll 4096 bytes executable
    C:\WINDOWS\system32\mpg4ds32.ax 262144 bytes executable
    C:\WINDOWS\system32\mplay32.exe 124928 bytes executable
    C:\WINDOWS\system32\mpnotify.exe 22016 bytes executable
    C:\WINDOWS\system32\mpr.dll 59904 bytes executable
    C:\WINDOWS\system32\mprapi.dll 87040 bytes executable
    C:\WINDOWS\system32\mprddm.dll 69120 bytes executable
    C:\WINDOWS\system32\mprdim.dll 49152 bytes executable
    C:\WINDOWS\system32\mprmsg.dll 114688 bytes executable
    C:\WINDOWS\system32\mprui.dll 47616 bytes executable
    C:\WINDOWS\system32\MQTQueen.dll 69632 bytes executable
    C:\WINDOWS\system32\MQTQueen2.dll 69632 bytes executable
    C:\WINDOWS\system32\MQueen.dll 245760 bytes executable
    C:\WINDOWS\system32\MQueen2.dll 81920 bytes executable
    C:\WINDOWS\system32\mrinfo.exe 14336 bytes executable
    C:\WINDOWS\system32\MRT.exe 18684536 bytes executable
    C:\WINDOWS\system32\msaatext.dll 102912 bytes executable
    C:\WINDOWS\system32\msacm.dll 61312 bytes
    C:\WINDOWS\system32\msacm32.dll 72192 bytes executable
    C:\WINDOWS\system32\msadds32.ax 221184 bytes executable
    C:\WINDOWS\system32\msadp32.acm 14848 bytes executable
    C:\WINDOWS\system32\msafd.dll 3584 bytes executable
    C:\WINDOWS\system32\msapsspc.dll 86016 bytes executable
    C:\WINDOWS\system32\msasn1.dll 57344 bytes executable
    C:\WINDOWS\system32\msaud32.acm 294912 bytes executable
    C:\WINDOWS\system32\msaudite.dll 77312 bytes executable
    C:\WINDOWS\system32\msawt.dll 154384 bytes executable
    C:\WINDOWS\system32\mscat32.dll 7168 bytes executable
    C:\WINDOWS\system32\mscdexnt.exe 817 bytes
    C:\WINDOWS\system32\mscms.dll 74240 bytes executable
    C:\WINDOWS\system32\mscomct2.ocx 647872 bytes executable
    C:\WINDOWS\system32\mscomctl.ocx 1066176 bytes executable
    C:\WINDOWS\system32\MSCOMM32.OCX 103744 bytes executable
    C:\WINDOWS\system32\msconf.dll 69632 bytes executable
    C:\WINDOWS\system32\mscoree.dll 271360 bytes executable
    C:\WINDOWS\system32\mscorier.dll 150016 bytes executable
    C:\WINDOWS\system32\mscories.dll 74240 bytes executable
    C:\WINDOWS\system32\mscpx32r.dll 12288 bytes executable
    C:\WINDOWS\system32\mscpxl32.dll 36864 bytes executable
    C:\WINDOWS\system32\msctf.dll 294400 bytes executable
    C:\WINDOWS\system32\msctfime.ime 177152 bytes executable
    C:\WINDOWS\system32\msctfp.dll 69120 bytes executable
    C:\WINDOWS\system32\msdadiag.dll 118784 bytes executable
    C:\WINDOWS\system32\msdart.dll 151552 bytes executable
    C:\WINDOWS\system32\msdatsrc.tlb 12288 bytes executable
    C:\WINDOWS\system32\msdelta.dll 312128 bytes executable
    C:\WINDOWS\system32\msdmo.dll 14336 bytes executable
    C:\WINDOWS\system32\MsDtc
    C:\WINDOWS\system32\msdtc.exe 6144 bytes executable
    C:\WINDOWS\system32\msdtclog.dll 58880 bytes executable
    C:\WINDOWS\system32\msyuv.dll 17408 bytes executable
    C:\WINDOWS\system32\mtxclu.dll 66560 bytes executable
    C:\WINDOWS\system32\mtxdm.dll 20480 bytes executable
    C:\WINDOWS\system32\mtxex.dll 4096 bytes executable
    C:\WINDOWS\system32\mtxlegih.dll 25088 bytes executable
    C:\WINDOWS\system32\mtxoci.dll 91136 bytes executable
    C:\WINDOWS\system32\mtxparhd.dll 1737856 bytes executable
    C:\WINDOWS\system32\mucltui.dll 271224 bytes executable
    C:\WINDOWS\system32\mucltui.dll.mui 30072 bytes executable
    C:\WINDOWS\system32\mui
    C:\WINDOWS\system32\muweb.dll 207736 bytes executable
    C:\WINDOWS\system32\mycomput.dll 90624 bytes executable
    C:\WINDOWS\system32\mydocs.dll 91648 bytes executable
    C:\WINDOWS\system32\narrator.exe 55296 bytes executable
    C:\WINDOWS\system32\narrhook.dll 36352 bytes executable
    C:\WINDOWS\system32\navipromo_377.xml.gz 18600 bytes
    C:\WINDOWS\system32\nbtstat.exe 21504 bytes executable
    C:\WINDOWS\system32\ncobjapi.dll 36352 bytes executable
    C:\WINDOWS\system32\ncpa.cpl 35840 bytes executable
    C:\WINDOWS\system32\ncpa.cpl.manifest 749 bytes
    C:\WINDOWS\system32\netid.dll 144896 bytes executable
    C:\WINDOWS\system32\netlogon.dll 407040 bytes executable
    C:\WINDOWS\system32\netman.dll 197632 bytes executable
    C:\WINDOWS\system32\netmsg.dll 200192 bytes executable
    C:\WINDOWS\system32\netplwiz.dll 885248 bytes executable
    C:\WINDOWS\system32\netrap.dll 12288 bytes executable
    C:\WINDOWS\system32\netsetup.cpl 25600 bytes executable
    C:\WINDOWS\system32\netsetup.exe 332800 bytes executable
    C:\WINDOWS\system32\netsh.exe 88576 bytes executable
    C:\WINDOWS\system32\netshell.dll 1723904 bytes executable
    C:\WINDOWS\system32\netstat.exe 37888 bytes executable
    C:\WINDOWS\system32\netui0.dll 83456 bytes executable
    C:\WINDOWS\system32\netui1.dll 245760 bytes executable
    C:\WINDOWS\system32\netui2.dll 312832 bytes executable
    C:\WINDOWS\system32\newdev.dll 251392 bytes executable
    C:\WINDOWS\system32\NkNEFPlugin.dll 2813952 bytes executable
    C:\WINDOWS\system32\nlhtml.dll 98304 bytes executable
    C:\WINDOWS\system32\nlsdl.dll 24576 bytes executable
    C:\WINDOWS\system32\nlsfunc.exe 7116 bytes
    C:\WINDOWS\system32\npptools.dll 55296 bytes executable
    C:\WINDOWS\system32\npwmsdrm.dll 8704 bytes executable
    C:\WINDOWS\system32\nscompat.tlb 23392 bytes
    C:\WINDOWS\system32\nslookup.exe 79360 bytes executable
    C:\WINDOWS\system32\ntdll.dll 733184 bytes executable
    C:\WINDOWS\system32\ntdos.sys 27916 bytes
    C:\WINDOWS\system32\ntdos404.sys 29146 bytes
    C:\WINDOWS\system32\ntdos411.sys 29370 bytes
    C:\WINDOWS\system32\ntdos412.sys 29274 bytes
    C:\WINDOWS\system32\ntdos804.sys 29146 bytes
    C:\WINDOWS\system32\ntdsapi.dll 67072 bytes executable
    C:\WINDOWS\system32\ntimage.gif 48794 bytes
    C:\WINDOWS\system32\ntio.sys 34000 bytes
    C:\WINDOWS\system32\ntio404.sys 34560 bytes
    C:\WINDOWS\system32\ntio411.sys 35648 bytes
    C:\WINDOWS\system32\ntio412.sys 35424 bytes
    C:\WINDOWS\system32\ntio804.sys 34560 bytes
    C:\WINDOWS\system32\ntkrnlpa.exe 2059648 bytes executable
    C:\WINDOWS\system32\ntlanman.dll 43520 bytes executable
    C:\WINDOWS\system32\ntlanui.dll 59392 bytes executable
    C:\WINDOWS\system32\ntlanui2.dll 14848 bytes executable
    C:\WINDOWS\system32\ntlsapi.dll 8192 bytes executable
    C:\WINDOWS\system32\ntmarta.dll 119808 bytes executable
    C:\WINDOWS\system32\ntmsapi.dll 40960 bytes executable
    C:\WINDOWS\system32\ntmsdba.dll 181248 bytes executable
    C:\WINDOWS\system32\ntmsevt.dll 45056 bytes executable
    C:\WINDOWS\system32\ntmsmgr.dll 496640 bytes executable
    C:\WINDOWS\system32\ntmsmgr.msc 25901 bytes
    C:\WINDOWS\system32\ntmsoprq.msc 32590 bytes
    C:\WINDOWS\system32\ntmssvc.dll 438272 bytes executable
    C:\WINDOWS\system32\ntoskrnl.exe 2182400 bytes executable
    C:\WINDOWS\system32\ntprint.dll 91648 bytes executable
    C:\WINDOWS\system32\ntsdexts.dll 36864 bytes executable
    C:\WINDOWS\system32\ntshrui.dll 145920 bytes executable
    C:\WINDOWS\system32\ntvdm.exe 420864 bytes executable
    C:\WINDOWS\system32\ntvdmd.dll 13312 bytes executable
    C:\WINDOWS\system32\nusrmgr.cpl 261120 bytes executable
    C:\WINDOWS\system32\nv4_disp.dll 3902603 bytes executable
    C:\WINDOWS\system32\nvcpl.dll 4841472 bytes executable
    C:\WINDOWS\system32\nview.dll 852038 bytes executable
    C:\WINDOWS\system32\nviewimg.dll 512000 bytes executable
    C:\WINDOWS\system32\nvinstnt.dll 126976 bytes executable
    C:\WINDOWS\system32\nvmctray.dll 49152 bytes executable
    C:\WINDOWS\system32\nvoglnt.dll 3850240 bytes executable
    C:\WINDOWS\system32\nvrsar.dll 2863104 bytes executable
    C:\WINDOWS\system32\nvrscs.dll 262144 bytes executable
    C:\WINDOWS\system32\nvrsda.dll 266240 bytes executable
    C:\WINDOWS\system32\nvrsde.dll 274432 bytes executable
    C:\WINDOWS\system32\nvrsel.dll 270336 bytes executable
    C:\WINDOWS\system32\nvrseng.dll 266240 bytes executable
    C:\WINDOWS\system32\rasadhlp.dll 8192 bytes executable
    C:\WINDOWS\system32\rasapi32.dll 237056 bytes executable
    C:\WINDOWS\system32\rasauto.dll 89088 bytes executable
    C:\WINDOWS\system32\rasautou.exe 11776 bytes executable
    C:\WINDOWS\system32\raschap.dll 69632 bytes executable
    C:\WINDOWS\system32\rasctrnm.h 1818 bytes
    C:\WINDOWS\system32\rasctrs.dll 12288 bytes executable
    C:\WINDOWS\system32\rasctrs.ini 6212 bytes
    C:\WINDOWS\system32\rasdial.exe 11776 bytes executable
    C:\WINDOWS\system32\rasdlg.dll 685056 bytes executable
    C:\WINDOWS\system32\rasman.dll 61440 bytes executable
    C:\WINDOWS\system32\rasmans.dll 181248 bytes executable
    C:\WINDOWS\system32\rasmontr.dll 148480 bytes executable
    C:\WINDOWS\system32\rasmxs.dll 22528 bytes executable
    C:\WINDOWS\system32\rasphone.exe 57344 bytes executable
    C:\WINDOWS\system32\rasppp.dll 206336 bytes executable
    C:\WINDOWS\system32\rasrad.dll 23552 bytes executable
    C:\WINDOWS\system32\rassapi.dll 16896 bytes executable
    C:\WINDOWS\system32\perfwci.h 435 bytes
    C:\WINDOWS\system32\perfwci.ini 2994 bytes
    C:\WINDOWS\system32\pfsibjs.exe 75776 bytes
    C:\WINDOWS\system32\PhotoImpression Screen Saver.scr 163840 bytes executable
    C:\WINDOWS\system32\photometadatahandler.dll 412160 bytes executable
    C:\WINDOWS\system32\photowiz.dll 172032 bytes executable
    C:\WINDOWS\system32\picn1020.dll 155648 bytes executable
    C:\WINDOWS\system32\picn1120.dll 180224 bytes executable
    C:\WINDOWS\system32\picn20.dll 48128 bytes executable
    C:\WINDOWS\system32\PICSDK.dll 479232 bytes executable
    C:\WINDOWS\system32\PICSDK.ini 99 bytes
    C:\WINDOWS\system32\pid.dll 35328 bytes executable
    C:\WINDOWS\system32\pidgen.dll 24064 bytes executable
    C:\WINDOWS\system32\pifmgr.dll 35328 bytes executable
    C:\WINDOWS\system32\ping.exe 19456 bytes executable
    C:\WINDOWS\system32\ping6.exe 34304 bytes executable
    C:\WINDOWS\system32\pjlmon.dll 15360 bytes executable
    C:\WINDOWS\system32\plustab.dll 30720 bytes executable
    C:\WINDOWS\system32\pmspl.dll 46592 bytes
    C:\WINDOWS\system32\regwizc.dll 405504 bytes executable
    C:\WINDOWS\system32\ReinstallBackups
    C:\WINDOWS\system32\remotepg.dll 61952 bytes executable
    C:\WINDOWS\system32\remotesp.tsp 76800 bytes executable
    C:\WINDOWS\system32\rend.dll 107520 bytes executable
    C:\WINDOWS\system32\replace.exe 12800 bytes executable
    C:\WINDOWS\system32\reset.exe 10240 bytes executable
    C:\WINDOWS\system32\Restore
    C:\WINDOWS\system32\resutils.dll 58880 bytes executable
    C:\WINDOWS\system32\rexec.exe 14848 bytes executable
    C:\WINDOWS\system32\ReyXp.ocx 532480 bytes executable
    C:\WINDOWS\system32\Rey_SubClasser.dll 98304 bytes executable
    C:\WINDOWS\system32\riched20.dll 433152 bytes executable
    C:\WINDOWS\system32\riched32.dll 3584 bytes executable
    C:\WINDOWS\system32\RICHTX32.OCX 203976 bytes executable
    C:\WINDOWS\system32\rsvpcnts.h 3178 bytes
    C:\WINDOWS\system32\rsvpmsg.dll 29696 bytes executable
    C:\WINDOWS\system32\rsvpperf.dll 9728 bytes executable
    C:\WINDOWS\system32\rsvpsp.dll 90112 bytes executable
    C:\WINDOWS\system32\RTCRES.dll 137216 bytes executable
    C:\WINDOWS\system32\rtcshare.exe 78336 bytes executable
    C:\WINDOWS\system32\rtipxmib.dll 31744 bytes executable
    C:\WINDOWS\system32\rtm.dll 98304 bytes executable
    C:\WINDOWS\system32\rtutils.dll 44032 bytes executable
    C:\WINDOWS\system32\runas.exe 17408 bytes executable
    C:\WINDOWS\system32\rundll32.exe 33792 bytes executable
    C:\WINDOWS\system32\runonce.exe 14336 bytes executable
    C:\WINDOWS\system32\rwinsta.exe 16384 bytes executable
    C:\WINDOWS\system32\s3gnb.dll 397056 bytes executable
    C:\WINDOWS\system32\safrcdlg.dll 43520 bytes executable
    C:\WINDOWS\system32\safrdm.dll 29696 bytes executable
    C:\WINDOWS\system32\safrslv.dll 45568 bytes executable
    C:\WINDOWS\system32\samlib.dll 64000 bytes executable
    C:\WINDOWS\system32\samsrv.dll 431104 bytes executable
    C:\WINDOWS\system32\Samsung_USB_Drivers
    C:\WINDOWS\system32\sapi.cpl.manifest 749 bytes
    C:\WINDOWS\system32\scrrun.dll 151552 bytes executable
    C:\WINDOWS\system32\sdbinst.exe 78848 bytes executable
    C:\WINDOWS\system32\sdhcinst.dll 29184 bytes executable
    C:\WINDOWS\system32\sdpblb.dll 130048 bytes executable
    C:\WINDOWS\system32\seclogon.dll 18944 bytes executable
    C:\WINDOWS\system32\secupd.dat 4569 bytes
    C:\WINDOWS\system32\secupd.sig 7208 bytes
    C:\WINDOWS\system32\secur32.dll 55808 bytes executable
    C:\WINDOWS\system32\security.dll 5632 bytes executable
    C:\WINDOWS\system32\sendcmsg.dll 29696 bytes executable
    C:\WINDOWS\system32\sendmail.dll 55296 bytes executable
    C:\WINDOWS\system32\sens.dll 38912 bytes executable
    C:\WINDOWS\system32\sensapi.dll 6656 bytes executable
    C:\WINDOWS\system32\senscfg.dll 13824 bytes executable
    C:\WINDOWS\system32\serialui.dll 14848 bytes executable
    C:\WINDOWS\system32\servdeps.dll 56320 bytes executable
    C:\WINDOWS\system32\services.exe 108544 bytes executable
    C:\WINDOWS\system32\services.msc 33075 bytes
    C:\WINDOWS\system32\shdoclc.dll 572416 bytes executable
    C:\WINDOWS\system32\shdocvw.dll 1497088 bytes executable
    C:\WINDOWS\system32\shell.dll 5120 bytes
    C:\WINDOWS\system32\shell32.dll 8516608 bytes executable
    C:\WINDOWS\system32\ShellExt
    C:\WINDOWS\system32\ShellMPD.dll 446976 bytes executable
    C:\WINDOWS\system32\shellstyle.dll 435712 bytes executable
    C:\WINDOWS\system32\shfolder.dll 25088 bytes executable
    C:\WINDOWS\system32\shgina.dll 68096 bytes executable
    C:\WINDOWS\system32\label.exe 9728 bytes executable
    C:\WINDOWS\system32\lfgif11n.dll 41472 bytes executable
    C:\WINDOWS\system32\lights.exe 30208 bytes executable
    C:\WINDOWS\system32\lpr.exe 9216 bytes executable
    C:\WINDOWS\system32\LTIMG12N.DLL 164864 bytes executable
    C:\WINDOWS\system32\main.cpl 189952 bytes executable
    C:\WINDOWS\system32\mcicda.dll 17408 bytes executable
    C:\WINDOWS\system32\mfc42.dll 1028096 bytes executable
    C:\WINDOWS\system32\mode.com 19456 bytes executable
    C:\WINDOWS\system32\msacm32.drv 20992 bytes executable
    C:\WINDOWS\system32\msdtcprf.h 768 bytes
    C:\WINDOWS\system32\mshearts.exe 128000 bytes executable
    C:\WINDOWS\system32\msjava.dll 947472 bytes executable
    C:\WINDOWS\system32\msmapi32.ocx 137000 bytes executable
    C:\WINDOWS\system32\msports.dll 43008 bytes executable
    C:\WINDOWS\system32\mssign32.dll 36352 bytes executable
    C:\WINDOWS\system32\msvbvm50.dll 1355776 bytes executable
    C:\WINDOWS\system32\msxmlr.dll 30720 bytes executable
    C:\WINDOWS\system32\ncxpnt.dll 7680 bytes executable
    C:\WINDOWS\system32\neth.dll 291328 bytes executable
    C:\WINDOWS\system32\nmevtmsg.dll 12288 bytes executable
    C:\WINDOWS\system32\npp
    C:\WINDOWS\system32\ntsd.exe 31744 bytes executable
    C:\WINDOWS\system32\nvrses.dll 274432 bytes executable
    C:\WINDOWS\system32\nvsvc32.exe 77824 bytes executable
    C:\WINDOWS\system32\nvwrsno.dll 159744 bytes executable
    C:\WINDOWS\system32\odbc16gt.dll 26224 bytes
    C:\WINDOWS\system32\oeminfo.ini 414 bytes
    C:\WINDOWS\system32\oobe
    C:\WINDOWS\system32\PCCSet.cpl 98304 bytes executable
    C:\WINDOWS\system32\perfci.ini 3030 bytes
    C:\WINDOWS\system32\perfts.dll 12288 bytes executable
    C:\WINDOWS\system32\pncrt.dll 278528 bytes executable
    C:\WINDOWS\system32\portabledeviceapi.dll 284160 bytes executable
    C:\WINDOWS\system32\usp10.dll 406528 bytes executable
    C:\WINDOWS\system32\usrcntra.dll 61500 bytes executable
    C:\WINDOWS\system32\usrcoina.dll 69699 bytes executable
    C:\WINDOWS\system32\usrdpa.dll 77890 bytes executable
    C:\WINDOWS\system32\usrdtea.dll 323641 bytes executable
    C:\WINDOWS\system32\usrfaxa.dll 86073 bytes executable
    C:\WINDOWS\system32\usrlbva.dll 53305 bytes executable
    C:\WINDOWS\system32\usrlogon.cmd 1263 bytes
    C:\WINDOWS\system32\usrmlnka.exe 77891 bytes executable
    C:\WINDOWS\system32\usrprbda.exe 61508 bytes executable
    C:\WINDOWS\system32\usrrtosa.dll 77883 bytes executable
    C:\WINDOWS\system32\usrsdpia.dll 49211 bytes executable
    C:\WINDOWS\system32\usrshuta.exe 69700 bytes executable
    C:\WINDOWS\system32\usrsvpia.dll 41019 bytes executable
    C:\WINDOWS\system32\usrv42a.dll 102457 bytes executable
    C:\WINDOWS\system32\usrv80a.dll 49209 bytes executable
    C:\WINDOWS\system32\usrvoica.dll 45116 bytes executable
    C:\WINDOWS\system32\usrvpa.dll 49211 bytes executable
    C:\WINDOWS\system32\utildll.dll 26112 bytes executable
    C:\WINDOWS\system32\utilman.exe 50176 bytes executable
    C:\WINDOWS\system32\uwdf.exe 8704 bytes executable
    C:\WINDOWS\system32\uxtheme.dll 219648 bytes executable
    C:\WINDOWS\system32\taskmgr.exe 143360 bytes executable
    C:\WINDOWS\system32\tcmsetup.exe 13312 bytes executable
    C:\WINDOWS\system32\tcpmib.dll 14848 bytes executable
    C:\WINDOWS\system32\tcpmon.dll 46592 bytes executable
    C:\WINDOWS\system32\tcpmon.ini 53478 bytes
    C:\WINDOWS\system32\tcpmonui.dll 47104 bytes executable
    C:\WINDOWS\system32\tcpsvcs.exe 19456 bytes executable
    C:\WINDOWS\system32\tdc.ocx 66560 bytes executable
    C:\WINDOWS\system32\telephon.cpl 28160 bytes executable
    C:\WINDOWS\system32\telnet.exe 78336 bytes executable
    C:\WINDOWS\system32\termmgr.dll 358912 bytes executable
    C:\WINDOWS\system32\termsrv.dll 297984 bytes executable
    C:\WINDOWS\system32\tftp.exe 17920 bytes executable
    C:\WINDOWS\system32\themeui.dll 391168 bytes executable
    C:\WINDOWS\system32\Thumbs.db 5632 bytes
    C:\WINDOWS\system32\ticrf.rat 1988 bytes
    C:\WINDOWS\system32\timedate.cpl 94208 bytes executable
    C:\WINDOWS\system32\timer.drv 4096 bytes
    C:\WINDOWS\system32\wbcache.enu 65489 bytes
    C:\WINDOWS\system32\wbcache.esn 65489 bytes
    C:\WINDOWS\system32\wbcache.fra 65489 bytes
    C:\WINDOWS\system32\wbcache.ita 65489 bytes
    C:\WINDOWS\system32\wbcache.nld 65489 bytes
    C:\WINDOWS\system32\wbcache.sve 65489 bytes
    C:\WINDOWS\system32\wbdbase.deu 1309184 bytes
    C:\WINDOWS\system32\wbdbase.enu 957440 bytes
    C:\WINDOWS\system32\wbdbase.esn 750080 bytes
    C:\WINDOWS\system32\wbdbase.fra 786944 bytes
    C:\WINDOWS\system32\wbdbase.ita 867840 bytes
    C:\WINDOWS\system32\wbdbase.nld 1095680 bytes
    C:\WINDOWS\system32\wbdbase.sve 937984 bytes
    C:\WINDOWS\sy
    9 Janvier 2008 10:41:26

    bonjour

    1

    le rapport Diaghelp n'est pas complet, j'en ai besoin pour continuer, poste-le en entier
    il se termine par:
    ****** Fin du rapport DiagHelp

    2
    Possédes-tu le CD de Windows?
    a b 8 Sécurité
    9 Janvier 2008 13:21:43

    Citation :
    e rapport Diaghelp n'est pas complet, j'en ai besoin pour continuer, poste-le en entier
    il se termine par:
    ****** Fin du rapport DiagHelp

    Apparemment trop long pour le post ;) 
    9 Janvier 2008 20:04:14

    désolé je navai pa remarqué qu'il manqué la fin du rapport dc je te le repost en entier

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 09/01/2008 à 0:24:40,73


    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->09/01/2008 00:24:27
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->09/01/2008 00:24:16
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->09/01/2008 00:23:11
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->09/01/2008 00:22:43
    C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->09/01/2008 00:21:08
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->09/01/2008 00:21:05
    C:\WINDOWS\prefetch\LISTDLLS.CFEXE-163777B3.pf -->09/01/2008 00:20:54
    C:\WINDOWS\prefetch\NIRCMD.EXE-1F7FED22.pf -->09/01/2008 00:20:52
    C:\WINDOWS\prefetch\DUMPHIVE.CFEXE-2ED3B134.pf -->09/01/2008 00:20:48
    C:\WINDOWS\prefetch\CATCHME.CFEXE-0F2A0789.pf -->09/01/2008 00:20:44

    C:\WINDOWS\System32\drivers\tcpip.sys -->31/12/2007 02:47:37
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
    C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 11:32:54
    C:\WINDOWS\System32\drivers\ntfs.sys -->09/02/2007 12:10:35
    C:\WINDOWS\System32\drivers\wpdusb.sys -->18/10/2006 20:00:00
    C:\WINDOWS\System32\drivers\WudfRd.sys -->28/09/2006 19:00:34
    C:\WINDOWS\System32\drivers\WudfPf.sys -->28/09/2006 18:55:50

    C:\WINDOWS\System32\imail40.rtl -->22/04/2009 20:24:48
    C:\WINDOWS\System32\ComDlg32.ocx -->22/04/2009 20:24:48
    C:\WINDOWS\System32\wpa.dbl -->09/01/2008 00:14:47
    C:\WINDOWS\System32\PerfStringBackup.INI -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfh00C.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfh009.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfc00C.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\perfc009.dat -->07/01/2008 00:25:29
    C:\WINDOWS\System32\FNTCACHE.DAT -->31/12/2007 03:07:05
    C:\WINDOWS\System32\BitCometRes.dll -->20/12/2007 21:44:13
    C:\WINDOWS\System32\TZLog.log -->14/12/2007 03:11:16
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->26/10/2007 08:26:28
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\LegitCheckControl.dll -->11/10/2007 14:12:48
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\url.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\occache.dll -->11/10/2007 00:49:45

    C:\WINDOWS\system.ini -->09/01/2008 00:15:08
    C:\WINDOWS\0.log -->09/01/2008 00:13:57
    C:\WINDOWS\WindowsUpdate.log -->09/01/2008 00:13:56
    C:\WINDOWS\ModemLog_Creative Modem Blaster DI5733.txt -->09/01/2008 00:13:56
    C:\WINDOWS\wiadebug.log -->09/01/2008 00:13:54
    C:\WINDOWS\wiaservc.log -->09/01/2008 00:13:50
    C:\WINDOWS\bootstat.dat -->09/01/2008 00:11:29
    C:\WINDOWS\SchedLgU.Txt -->09/01/2008 00:09:59
    C:\WINDOWS\setupapi.log -->07/01/2008 13:48:23
    C:\WINDOWS\iis6.log -->07/01/2008 00:26:20
    C:\WINDOWS\comsetup.log -->07/01/2008 00:26:19
    C:\WINDOWS\tsoc.log -->07/01/2008 00:26:18
    C:\WINDOWS\ocmsn.log -->07/01/2008 00:26:18
    C:\WINDOWS\ntdtcsetup.log -->07/01/2008 00:26:18
    C:\WINDOWS\imsins.log -->07/01/2008 00:26:18

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Unsigned
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed


    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 200
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x52000000 0x7000 4.80.3008.0001 C:\WINDOWS\system32\INDICDLL.dll
    0x10000000 0xd000 7.00.0009.0050 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x01f70000 0x5b000 1.01.0000.0000 C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x015e0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x025f0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x02c80000 0x2b000 C:\Program Files\WinRAR\rarext.dll
    0x03110000 0x74000 C:\WINDOWS\system32\OoneZipPopup.dll
    0x03360000 0x94000 6.05.0001.0000 C:\WINDOWS\system32\OoPdfManagerPopup.dll
    0x01200000 0xf000 9.00.0005.1389 C:\Program Files\Trend Micro\PC-cillin 9\Tmdshell.dll
    0x01220000 0xa000 6.30.0000.0001 C:\Program Files\AVPersonal\AVShlExt.DLL

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 488
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01220000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\WINDOWS\system32

    20/08/2004 00:09 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 15 840 759 808 octets libres
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\WINDOWS\system32

    28/07/2003 15:19 1 323 008 dmcpl.exe
    1 fichier(s) 1 323 008 octets
    0 Rép(s) 15 840 759 808 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\WINDOWS\Downloaded Program Files

    08/01/2008 14:13 <REP> .
    08/01/2008 14:13 <REP> ..
    18/04/2006 15:04 159 040 AdSignerADP.dll
    13/04/2006 09:11 747 AdSignerADP.inf
    18/04/2006 15:04 273 728 AdVerifierADP.dll
    03/11/2003 09:51 65 desktop.ini
    14/10/1997 18:52 697 DirectAnimation Java Classes.osd
    25/07/2002 16:13 24 576 dwusplay.dll
    25/07/2002 16:13 196 608 dwusplay.exe
    09/02/2005 16:54 1 271 erma.inf
    13/04/2007 02:14 382 344 GAME_UNO1.dll
    17/01/2007 15:44 316 GAME_UNO1.INF
    16/05/2007 07:22 399 gp.inf
    02/07/2005 10:02 378 ImageUploader3.inf
    02/07/2005 10:02 1 873 432 ImageUploader3.ocx
    25/07/2002 16:05 172 032 isusweb.dll
    15/05/2006 17:48 367 LegitCheckControl.inf
    24/07/2004 20:25 1 279 032 mavenInstaller-0.exe
    14/05/2004 14:54 1 018 mcfscan.inf
    29/05/2003 14:00 160 864 messengerstatsclient.dll
    22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
    20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
    29/05/2003 14:00 77 408 msgrchkr.dll
    14/07/2005 11:41 322 240 MsnInstC.dll
    14/07/2005 13:11 249 MsnInstC.inf
    30/06/2005 14:19 227 MsnMessengerSetupDownloader.inf
    13/08/2005 23:26 113 664 MsnMessengerSetupDownloader.ocx
    08/10/2004 15:01 372 736 MsnPUpld.dll
    08/10/2004 15:13 587 MSNPupld.inf
    26/05/2005 03:19 293 muweb.inf
    22/09/2004 14:59 110 592 PURen-us.dll
    15/10/2004 06:59 110 592 PURfr-xx.dll
    29/05/2003 14:00 86 112 solitaireshowdown.dll
    09/11/2006 14:36 5 019 swflash.inf
    27/10/2002 19:32 3 036 wmv9dmo.inf
    24/03/2004 17:17 1 777 xscan.inf
    24/03/2004 17:22 435 712 xscan53.ocx
    27/06/2003 17:51 209 489 ycomp5_1_6_0.dll
    27/06/2003 18:06 326 ycomp5_1_6_0.inf
    37 fichier(s) 6 682 679 octets

    Total des fichiers listés :
    37 fichier(s) 6 682 679 octets
    2 Rép(s) 15 840 755 712 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..


    Liste des fichiers en exception sur le pare-feu XP SP2



    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001



    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 00:25:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,c8,24,c7,d6,77,2f,ce,96,70,78,03,a1,d7,10,c2,54,a0,..
    "hj34z0"=hex:07,0e,ae,1f,cf,24,15,d5,97,4c,d5,20,34,b4,06,fc,0c,03,b2,50,25,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\iasacct.dll 23552 bytes executable
    C:\WINDOWS\system32\iasads.dll 41472 bytes executable
    C:\WINDOWS\system32\iashlpr.dll 32256 bytes executable
    C:\WINDOWS\system32\iasnap.dll 62464 bytes executable
    C:\WINDOWS\system32\iaspolcy.dll 17920 bytes executable
    C:\WINDOWS\system32\iasrad.dll 119808 bytes executable
    C:\WINDOWS\system32\iasrecst.dll 141312 bytes executable
    C:\WINDOWS\system32\iassam.dll 86528 bytes executable
    C:\WINDOWS\system32\iassdo.dll 253440 bytes executable
    C:\WINDOWS\system32\iassvcs.dll 62976 bytes executable
    C:\WINDOWS\system32\icaapi.dll 11264 bytes executable
    C:\WINDOWS\system32\icardie.dll 63488 bytes executable
    C:\WINDOWS\system32\iccvid.dll 80384 bytes executable
    C:\WINDOWS\system32\icfgnt5.dll 16384 bytes executable
    C:\WINDOWS\system32\icm32.dll 254976 bytes executable
    C:\WINDOWS\system32\icmp.dll 3584 bytes executable
    C:\WINDOWS\system32\icmui.dll 56320 bytes executable
    C:\WINDOWS\system32\icrav03.rat 8798 bytes
    C:\WINDOWS\system32\icsxml
    C:\WINDOWS\system32\OoneZipPopup.dll 452608 bytes executable
    C:\WINDOWS\system32\OoPdfManagerPopup.dll 587776 bytes executable
    C:\WINDOWS\system32\opengl32.dll 713728 bytes executable
    C:\WINDOWS\system32\osk.exe 216576 bytes executable
    C:\WINDOWS\system32\osuninst.dll 68096 bytes executable
    C:\WINDOWS\system32\osuninst.exe 41984 bytes executable
    C:\WINDOWS\system32\p2p.dll 116224 bytes executable
    C:\WINDOWS\system32\p2pgasvc.dll 86016 bytes executable
    C:\WINDOWS\system32\p2pgraph.dll 312320 bytes executable
    C:\WINDOWS\system32\p2pnetsh.dll 88064 bytes executable
    C:\WINDOWS\system32\p2psvc.dll 526848 bytes executable
    C:\WINDOWS\system32\packager.exe 59904 bytes executable
    C:\WINDOWS\system32\panmap.dll 10240 bytes executable
    C:\WINDOWS\system32\paqsp.dll 157696 bytes executable
    C:\WINDOWS\system32\pathping.exe 22528 bytes executable
    C:\WINDOWS\system32\pautoenr.dll 65024 bytes executable
    C:\WINDOWS\system32\svchost.exe 14336 bytes executable
    C:\WINDOWS\system32\svcpack.dll 6144 bytes executable
    C:\WINDOWS\system32\swprv.dll 139264 bytes executable
    C:\WINDOWS\system32\swreg.exe 156160 bytes executable
    C:\WINDOWS\system32\swsc.exe 136704 bytes executable
    C:\WINDOWS\system32\swxcacls.exe 212480 bytes executable
    C:\WINDOWS\system32\sxs.dll 716800 bytes executable
    C:\WINDOWS\system32\syncapp.exe 51200 bytes executable
    C:\WINDOWS\system32\synceng.dll 57856 bytes executable
    C:\WINDOWS\system32\syncui.dll 197120 bytes executable
    C:\WINDOWS\system32\sysdm.cpl 305152 bytes executable
    C:\WINDOWS\system32\sysedit.exe 19216 bytes
    C:\WINDOWS\system32\sysinv.dll 15872 bytes executable
    C:\WINDOWS\system32\syskey.exe 37888 bytes executable
    C:\WINDOWS\system32\sysmon.ocx 220672 bytes executable
    C:\WINDOWS\system32\sysocmgr.exe 107520 bytes executable
    C:\WINDOWS\system32\sysprint.sep 3214 bytes
    C:\WINDOWS\system32\sysprtj.sep 3577 bytes
    C:\WINDOWS\system32\syssetup.dll 1005056 bytes executable
    C:\WINDOWS\system32\system.drv 3360 bytes
    C:\WINDOWS\system32\msprivs.dll 48128 bytes executable
    C:\WINDOWS\system32\msr2c.dll 69632 bytes executable
    C:\WINDOWS\system32\msr2cenu.dll 7168 bytes executable
    C:\WINDOWS\system32\msratelc.dll 65536 bytes executable
    C:\WINDOWS\system32\msrating.dll 193024 bytes executable
    C:\WINDOWS\system32\msrclr40.dll 73802 bytes executable
    C:\WINDOWS\system32\msrd2x35.dll 252176 bytes executable
    C:\WINDOWS\system32\msrd2x40.dll 421919 bytes executable
    C:\WINDOWS\system32\msrd3x40.dll 315423 bytes executable
    C:\WINDOWS\system32\msrecr40.dll 28746 bytes executable
    C:\WINDOWS\system32\msrepl35.dll 407312 bytes executable
    C:\WINDOWS\system32\msrepl40.dll 552989 bytes executable
    C:\WINDOWS\system32\msrle32.dll 11264 bytes executable
    C:\WINDOWS\system32\mssap.dll 134656 bytes executable
    C:\WINDOWS\system32\msscds32.ax 69632 bytes executable
    C:\WINDOWS\system32\msscp.dll 414720 bytes executable
    C:\WINDOWS\system32\msscript.ocx 102400 bytes executable
    C:\WINDOWS\system32\config
    C:\WINDOWS\system32\CRUNX.BIN 115 bytes
    C:\WINDOWS\system32\c_1256.nls 66082 bytes
    C:\WINDOWS\system32\c_874.nls 66594 bytes
    C:\WINDOWS\system32\datime.dll 152064 bytes executable
    C:\WINDOWS\system32\ddeml.dll 39424 bytes
    C:\WINDOWS\system32\dfrgres.dll 55808 bytes executable
    C:\WINDOWS\system32\diskmgmt.msc 33311 bytes
    C:\WINDOWS\system32\dmconfig.dll 330752 bytes executable
    C:\WINDOWS\system32\c_1257.nls 66082 bytes
    C:\WINDOWS\system32\c_1258.nls 66082 bytes
    C:\WINDOWS\system32\c_20127.nls 66082 bytes
    C:\WINDOWS\system32\c_20261.nls 139810 bytes
    C:\WINDOWS\system32\c_20866.nls 66082 bytes
    C:\WINDOWS\system32\c_20905.nls 66082 bytes
    C:\WINDOWS\system32\c_21866.nls 66082 bytes
    C:\WINDOWS\system32\c_28591.nls 66082 bytes
    C:\WINDOWS\system32\c_28592.nls 66082 bytes
    C:\WINDOWS\system32\c_28593.nls 66082 bytes
    C:\WINDOWS\system32\C_28594.NLS 66082 bytes
    C:\WINDOWS\system32\C_28595.NLS 66082 bytes
    C:\WINDOWS\system32\C_28597.NLS 66082 bytes
    C:\WINDOWS\system32\c_28598.nls 66082 bytes
    C:\WINDOWS\system32\c_28599.nls 66082 bytes
    C:\WINDOWS\system32\c_28603.nls 66082 bytes
    C:\WINDOWS\system32\c_28605.nls 66082 bytes
    C:\WINDOWS\system32\c_437.nls 66594 bytes
    C:\WINDOWS\system32\c_500.nls 66082 bytes
    C:\WINDOWS\system32\c_737.nls 66594 bytes
    C:\WINDOWS\system32\c_775.nls 66594 bytes
    C:\WINDOWS\system32\c_850.nls 66594 bytes
    C:\WINDOWS\system32\c_852.nls 66594 bytes
    C:\WINDOWS\system32\c_855.nls 66594 bytes
    C:\WINDOWS\system32\c_857.nls 66594 bytes
    C:\WINDOWS\system32\c_860.nls 66594 bytes
    C:\WINDOWS\system32\c_861.nls 66594 bytes
    C:\WINDOWS\system32\c_863.nls 66594 bytes
    C:\WINDOWS\system32\c_865.nls 66594 bytes
    C:\WINDOWS\system32\c_866.nls 66594 bytes
    C:\WINDOWS\system32\c_869.nls 66594 bytes
    C:\WINDOWS\system32\CONFIG.NT 3072 bytes
    C:\WINDOWS\system32\CONFIG.TMP 3072 bytes
    C:\WINDOWS\system32\confmsp.dll 346112 bytes executable
    C:\WINDOWS\system32\conime.exe 27648 bytes executable
    C:\WINDOWS\system32\console.dll 67072 bytes executable
    C:\WINDOWS\system32\control.exe 8192 bytes executable
    C:\WINDOWS\system32\convert.exe 13824 bytes executable
    C:\WINDOWS\system32\corpol.dll 17408 bytes executable
    C:\WINDOWS\system32\country.sys 27097 bytes
    C:\WINDOWS\system32\credui.dll 165888 bytes executable
    C:\WINDOWS\system32\crtdll.dll 149019 bytes executable
    C:\WINDOWS\system32\CRun500.dll 208896 bytes executable
    C:\WINDOWS\system32\c_875.nls 66082 bytes
    C:\WINDOWS\system32\c_932.nls 162850 bytes
    C:\WINDOWS\system32\c_936.nls 196642 bytes
    C:\WINDOWS\system32\c_949.nls 196642 bytes
    C:\WINDOWS\system32\c_950.nls 196642 bytes
    C:\WINDOWS\system32\d3d8.dll 1179648 bytes executable
    C:\WINDOWS\system32\d3d8thk.dll 8192 bytes executable
    C:\WINDOWS\system32\d3d9.dll 1689088 bytes executable
    C:\WINDOWS\system32\d3dim.dll 436224 bytes executable
    C:\WINDOWS\system32\d3dim700.dll 825344 bytes executable
    C:\WINDOWS\system32\d3dpmesh.dll 34816 bytes executable
    C:\WINDOWS\system32\d3dramp.dll 590336 bytes executable
    C:\WINDOWS\system32\d3drm.dll 350208 bytes executable
    C:\WINDOWS\system32\d3dx9_25.dll 2337488 bytes executable
    C:\WINDOWS\system32\d3dx9_32.dll 3426072 bytes executable
    C:\WINDOWS\system32\d3dxof.dll 47616 bytes executable
    C:\WINDOWS\system32\danim.dll 1056768 bytes executable
    C:\WINDOWS\system32\dataclen.dll 55296 bytes executable
    C:\WINDOWS\system32\ddeshare.exe 31744 bytes executable
    C:\WINDOWS\system32\ddraw.dll 266240 bytes executable
    C:\WINDOWS\system32\ddrawex.dll 27136 bytes executable
    C:\WINDOWS\system32\debug.exe 21162 bytes
    C:\WINDOWS\system32\defrag.exe 25088 bytes executable
    C:\WINDOWS\system32\desk.cpl 138240 bytes executable
    C:\WINDOWS\system32\deskadp.dll 16896 bytes executable
    C:\WINDOWS\system32\deskmon.dll 16896 bytes executable
    C:\WINDOWS\system32\deskperf.dll 18944 bytes executable
    C:\WINDOWS\system32\desktop.ini 2 bytes
    C:\WINDOWS\system32\devenum.dll 59904 bytes executable
    C:\WINDOWS\system32\devmgmt.msc 32738 bytes
    C:\WINDOWS\system32\devmgr.dll 290816 bytes executable
    C:\WINDOWS\system32\dfrg.msc 41131 bytes
    C:\WINDOWS\system32\dfrgfat.exe 82432 bytes executable
    C:\WINDOWS\system32\dfrgntfs.exe 104960 bytes executable
    C:\WINDOWS\system32\diskpart.exe 167936 bytes executable
    C:\WINDOWS\system32\diskperf.exe 19456 bytes executable
    C:\WINDOWS\system32\dispex.dll 45083 bytes executable
    C:\WINDOWS\system32\DivX.dll 619156 bytes executable
    C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 118784 bytes executable
    C:\WINDOWS\system32\divxdec.ax 221215 bytes executable
    C:\WINDOWS\system32\DivXMedia.ax 352401 bytes executable
    C:\WINDOWS\system32\DivXsm.exe 536576 bytes executable
    C:\WINDOWS\system32\divxsm.tlb 4276 bytes
    C:\WINDOWS\system32\DivXWMPExtType.dll 12288 bytes executable
    C:\WINDOWS\system32\divx_xx07.dll 778240 bytes executable
    C:\WINDOWS\system32\divx_xx0c.dll 778240 bytes executable
    C:\WINDOWS\system32\divx_xx11.dll 761856 bytes executable
    C:\WINDOWS\system32\dllcache
    C:\WINDOWS\system32\dllhost.exe 5120 bytes executable
    C:\WINDOWS\system32\dllhst3g.exe 4608 bytes executable
    C:\WINDOWS\system32\dmadmin.exe 225280 bytes executable
    C:\WINDOWS\system32\dmband.dll 28672 bytes executable
    C:\WINDOWS\system32\dmcompos.dll 61440 bytes executable
    C:\WINDOWS\system32\docprop2.dll 48640 bytes executable
    C:\WINDOWS\system32\doskey.exe 10752 bytes executable
    C:\WINDOWS\system32\dosx.exe 54080 bytes
    C:\WINDOWS\system32\dpcdll.dll 97792 bytes executable
    C:\WINDOWS\system32\dpl100.dll 90112 bytes executable
    C:\WINDOWS\system32\dplay.dll 33040 bytes executable
    C:\WINDOWS\system32\dplaysvr.exe 30208 bytes executable
    C:\WINDOWS\system32\dplayx.dll 229888 bytes executable
    C:\WINDOWS\system32\dpmodemx.dll 24064 bytes executable
    C:\WINDOWS\system32\dpnaddr.dll 3584 bytes executable
    C:\WINDOWS\system32\dpnet.dll 375296 bytes executable
    C:\WINDOWS\system32\dpnhpast.dll 35328 bytes executable
    C:\WINDOWS\system32\dpnhupnp.dll 60928 bytes executable
    C:\WINDOWS\system32\dpnlobby.dll 3584 bytes executable
    C:\WINDOWS\system32\dpnmodem.dll 62464 bytes executable
    C:\WINDOWS\system32\dpnsvr.exe 18432 bytes executable
    C:\WINDOWS\system32\dpnwsock.dll 61952 bytes executable
    C:\WINDOWS\system32\ds16gt.dLL 4656 bytes
    C:\WINDOWS\system32\ds32gt.dll 16384 bytes executable
    C:\WINDOWS\system32\dsauth.dll 62976 bytes executable
    C:\WINDOWS\system32\DSCIPLib2.dll 200704 bytes executable
    C:\WINDOWS\system32\dsdmo.dll 181760 bytes executable
    C:\WINDOWS\system32\dsdmoprp.dll 72192 bytes executable
    C:\WINDOWS\system32\dskquota.dll 93696 bytes executable
    C:\WINDOWS\system32\dskquoui.dll 150016 bytes executable
    C:\WINDOWS\system32\dsm_de.qm 15331 bytes
    C:\WINDOWS\system32\dsm_fr.qm 15172 bytes
    C:\WINDOWS\system32\dsm_ja.qm 10716 bytes
    C:\WINDOWS\system32\dsound.dll 367616 bytes executable
    C:\WINDOWS\system32\dsound.vxd 81 bytes
    C:\WINDOWS\system32\dsound3d.dll 1294336 bytes executable
    C:\WINDOWS\system32\dsprop.dll 145408 bytes executable
    C:\WINDOWS\system32\dsprpres.dll 4096 bytes executable
    C:\WINDOWS\system32\dsquery.dll 240640 bytes executable
    C:\WINDOWS\system32\erdmpg-hi.dll 1537536 bytes executable
    C:\WINDOWS\system32\ersvc.dll 23040 bytes executable
    C:\WINDOWS\system32\es.dll 243200 bytes executable
    C:\WINDOWS\system32\esccmd.dll 22016 bytes executable
    C:\WINDOWS\system32\escimgd.dll 46080 bytes executable
    C:\WINDOWS\system32\escwiad.dll 29696 bytes executable
    C:\WINDOWS\system32\esent.dll 1097728 bytes executable
    C:\WINDOWS\system32\esent97.dll 1114896 bytes executable
    C:\WINDOWS\system32\esentprf.dll 17408 bytes executable
    C:\WINDOWS\system32\esentprf.hxx 6708 bytes
    C:\WINDOWS\system32\esentprf.ini 1015477 bytes
    C:\WINDOWS\system32\esentutl.exe 39424 bytes executable
    C:\WINDOWS\system32\eudcedit.exe 195072 bytes executable
    C:\WINDOWS\system32\eula.txt 37774 bytes
    C:\WINDOWS\system32\eventcls.dll 33280 bytes executable
    C:\WINDOWS\system32\eventlog.dll 55808 bytes executable
    C:\WINDOWS\system32\eventvwr.exe 9216 bytes executable
    C:\WINDOWS\system32\findstr.exe 29184 bytes executable
    C:\WINDOWS\system32\finger.exe 10240 bytes executable
    C:\WINDOWS\system32\firewall.cpl 80384 bytes executable
    C:\WINDOWS\system32\fixmapi.exe 3072 bytes executable
    C:\WINDOWS\system32\fldrclnr.dll 88064 bytes executable
    C:\WINDOWS\system32\fltlib.dll 16896 bytes executable
    C:\WINDOWS\system32\fltmc.exe 23040 bytes executable
    C:\WINDOWS\system32\fmifs.dll 16384 bytes executable
    C:\WINDOWS\system32\FNTCACHE.DAT 363320 bytes
    C:\WINDOWS\system32\fontext.dll 386560 bytes executable
    C:\WINDOWS\system32\fontsub.dll 80896 bytes executable
    C:\WINDOWS\system32\fontview.exe 21504 bytes executable
    C:\WINDOWS\system32\forcedos.exe 7168 bytes executable
    C:\WINDOWS\system32\format.com 25600 bytes executable
    C:\WINDOWS\system32\fr-fr
    C:\WINDOWS\system32\framebuf.dll 9344 bytes executable
    C:\WINDOWS\system32\framedyn.dll 174592 bytes executable
    C:\WINDOWS\system32\freecell.exe 55808 bytes executable
    C:\WINDOWS\system32\fsmgmt.msc 32409 bytes
    C:\WINDOWS\system32\fsquirt.exe 193024 bytes executable
    C:\WINDOWS\system32\fsusd.dll 81920 bytes executable
    C:\WINDOWS\system32\fsutil.exe 61952 bytes executable
    C:\WINDOWS\system32\ftp.exe 46080 bytes executable
    C:\WINDOWS\system32\kerberos.dll 295936 bytes executable
    C:\WINDOWS\system32\kernel32.dll 1049600 bytes executable
    C:\WINDOWS\system32\key01.sys 42809 bytes
    C:\WINDOWS\system32\keyboard.drv 2000 bytes
    C:\WINDOWS\system32\keyboard.sys 42537 bytes
    C:\WINDOWS\system32\keymgr.dll 157184 bytes executable
    C:\WINDOWS\system32\keystone.exe 286806 bytes executable
    C:\WINDOWS\system32\kmddsp.tsp 33280 bytes executable
    C:\WINDOWS\system32\korean.uce 12876 bytes
    C:\WINDOWS\system32\krnl386.exe 92608 bytes
    C:\WINDOWS\system32\ksproxy.ax 130048 bytes executable
    C:\WINDOWS\system32\kstvtune.ax 61952 bytes executable
    C:\WINDOWS\system32\ksuser.dll 4096 bytes executable
    C:\WINDOWS\system32\kswdmcap.ax 91648 bytes executable
    C:\WINDOWS\system32\ksxbar.ax 43008 bytes executable
    C:\WINDOWS\system32\l3codeca.acm 290816 bytes executable
    C:\WINDOWS\system32\l3codecp.acm 232448 bytes executable
    C:\WINDOWS\system32\L3CODECX.AX 98304 bytes executable
    C:\WINDOWS\system32\igmpagnt.dll 8192 bytes executable
    C:\WINDOWS\system32\ils.dll 81920 bytes executable
    C:\WINDOWS\system32\imaadp32.acm 16384 bytes executable
    C:\WINDOWS\system32\imagehlp.dll 144384 bytes executable
    C:\WINDOWS\system32\imagr5.dll 507904 bytes executable
    C:\WINDOWS\system32\imagx5.dll 532480 bytes executable
    C:\WINDOWS\system32\ImagXpr5.dll 275312 bytes executable
    C:\WINDOWS\system32\imail40.ocx 110592 bytes executable
    C:\WINDOWS\system32\imail40.rtl 256 bytes
    C:\WINDOWS\system32\imapi.exe 150016 bytes executable
    C:\WINDOWS\system32\IME
    C:\WINDOWS\system32\imeshare.dll 36921 bytes executable
    C:\WINDOWS\system32\imgutil.dll 36352 bytes executable
    C:\WINDOWS\system32\imm32.dll 110080 bytes executable
    C:\WINDOWS\system32\Indeo4.qtx 747008 bytes executable
    C:\WINDOWS\system32\indicdll.dll 13696 bytes executable
    C:\WINDOWS\system32\indicdll.win 13696 bytes executable
    C:\WINDOWS\system32\indounin.dll 65024 bytes executable
    C:\WINDOWS\system32\inetcfg.dll 282624 bytes executable
    C:\WINDOWS\system32\inetcomm.dll 683520 bytes executable
    C:\WINDOWS\system32\inetcpl.cpl 1831424 bytes executable
    C:\WINDOWS\system32\inetcplc.dll 121856 bytes executable
    C:\WINDOWS\system32\inetmib1.dll 33280 bytes executable
    C:\WINDOWS\system32\inetpp.dll 75264 bytes executable
    C:\WINDOWS\system32\inetppui.dll 16384 bytes executable
    C:\WINDOWS\system32\inetres.dll 50688 bytes executable
    C:\WINDOWS\system32\inetsrv
    C:\WINDOWS\system32\ipxpromn.dll 74240 bytes executable
    C:\WINDOWS\system32\ipxrip.dll 21504 bytes executable
    C:\WINDOWS\system32\ipxroute.exe 24576 bytes executable
    C:\WINDOWS\system32\ipxrtmgr.dll 39936 bytes executable
    C:\WINDOWS\system32\ipxsap.dll 66560 bytes executable
    C:\WINDOWS\system32\ipxwan.dll 20992 bytes executable
    C:\WINDOWS\system32\ir32_32.dll 199168 bytes executable
    C:\WINDOWS\system32\ir41_32.ax 848384 bytes executable
    C:\WINDOWS\system32\ir41_32.dll 756736 bytes executable
    C:\WINDOWS\system32\ir41_qc.dll 120320 bytes executable
    C:\WINDOWS\system32\ir41_qcx.dll 338432 bytes executable
    C:\WINDOWS\system32\ir50_32.dll 755200 bytes executable
    C:\WINDOWS\system32\ir50_32.qtx 675328 bytes executable
    C:\WINDOWS\system32\ir50_qc.dll 200192 bytes executable
    C:\WINDOWS\system32\ir50_qcx.dll 183808 bytes executable
    C:\WINDOWS\system32\irclass.dll 13312 bytes executable
    C:\WINDOWS\system32\irisco32.dll 23040 bytes executable
    C:\WINDOWS\system32\irprops.cpl 380928 bytes executable
    C:\WINDOWS\system32\kbdbene.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdblr.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdbr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdbu.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdca.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdcan.dll 7680 bytes executable
    C:\WINDOWS\system32\kbdcr.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdcz.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdcz1.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdcz2.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdda.dll 6144 bytes executable
    C:\WINDOWS\system32\kbddv.dll 5120 bytes executable
    C:\WINDOWS\system32\kbdes.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdest.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfc.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfi.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfi1.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdfo.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdfr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdgae.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdgkl.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdgr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdgr1.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdhe.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdhe220.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdhe319.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdhela2.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdhela3.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdhept.dll 8192 bytes executable
    C:\WINDOWS\system32\kbdhu.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdhu1.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdic.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdinbe1.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdinben.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdinmal.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdir.dll 5632 bytes executable
    C:\WINDOWS\system32\lprhelp.dll 10240 bytes executable
    C:\WINDOWS\system32\lprmonui.dll 9216 bytes executable
    C:\WINDOWS\system32\LQCUI2.dll 90112 bytes executable
    C:\WINDOWS\system32\lsasrv.dll 728576 bytes executable
    C:\WINDOWS\system32\lsass.exe 13312 bytes executable
    C:\WINDOWS\system32\LTDIS11n.dll 262656 bytes executable
    C:\WINDOWS\system32\LTDIS12N.DLL 259072 bytes executable
    C:\WINDOWS\system32\ltdis13n.dll 299008 bytes executable
    C:\WINDOWS\system32\LTEFX12N.DLL 207872 bytes executable
    C:\WINDOWS\system32\ltefx13n.dll 206336 bytes executable
    C:\WINDOWS\system32\ltfil11n.DLL 118784 bytes executable
    C:\WINDOWS\system32\LTFIL12N.DLL 131072 bytes executable
    C:\WINDOWS\system32\ltfil13n.dll 163840 bytes executable
    C:\WINDOWS\system32\ltimg11n.dll 127488 bytes executable
    C:\WINDOWS\system32\mciole16.dll 8192 bytes
    C:\WINDOWS\system32\mciole32.dll 7680 bytes executable
    C:\WINDOWS\system32\mciqtz.drv 11776 bytes
    C:\WINDOWS\system32\mciqtz32.dll 35328 bytes executable
    C:\WINDOWS\system32\mciseq.dll 23040 bytes executable
    C:\WINDOWS\system32\mciseq.drv 25280 bytes
    C:\WINDOWS\system32\mciwave.dll 23552 bytes executable
    C:\WINDOWS\system32\mciwave.drv 28160 bytes
    C:\WINDOWS\system32\MCMLDSC2.dll 339968 bytes executable
    C:\WINDOWS\system32\mdhcp.dll 50176 bytes executable
    C:\WINDOWS\system32\mdminst.dll 120320 bytes executable
    C:\WINDOWS\system32\mdmxsdk.dll 86016 bytes executable
    C:\WINDOWS\system32\mdwmdmsp.dll 147968 bytes executable
    C:\WINDOWS\system32\mem.exe 39434 bytes
    C:\WINDOWS\system32\mf3216.dll 40960 bytes executable
    C:\WINDOWS\system32\mfc40.dll 924432 bytes executable
    C:\WINDOWS\system32\mfc40loc.dll 45568 bytes executable
    C:\WINDOWS\system32\mfc40u.dll 927504 bytes executable
    C:\WINDOWS\system32\midimap.dll 18944 bytes executable
    C:\WINDOWS\system32\miglibnt.dll 60928 bytes executable
    C:\WINDOWS\system32\migpwd.exe 52736 bytes executable
    C:\WINDOWS\system32\mimefilt.dll 29696 bytes executable
    C:\WINDOWS\system32\mindex.dll 163840 bytes executable
    C:\WINDOWS\system32\mlang.dat 673088 bytes
    C:\WINDOWS\system32\mlang.dll 586240 bytes executable
    C:\WINDOWS\system32\mll_hp.dll 3584 bytes executable
    C:\WINDOWS\system32\mll_mtf.dll 7680 bytes executable
    C:\WINDOWS\system32\mll_qic.dll 5632 bytes executable
    C:\WINDOWS\system32\mmc.exe 816128 bytes executable
    C:\WINDOWS\system32\mmcbase.dll 79872 bytes executable
    C:\WINDOWS\system32\mmcndmgr.dll 1198080 bytes executable
    C:\WINDOWS\system32\mmcshext.dll 50688 bytes executable
    C:\WINDOWS\system32\mmdriver.inf 1490 bytes
    C:\WINDOWS\system32\mmdrv.dll 12288 bytes executable
    C:\WINDOWS\system32\mmfutil.dll 17920 bytes executable
    C:\WINDOWS\system32\mmsys.cpl 626176 bytes executable
    C:\WINDOWS\system32\mmsystem.dll 70688 bytes
    C:\WINDOWS\system32\mmtask.tsk 1152 bytes
    C:\WINDOWS\system32\mmutilse.dll 119808 bytes executable
    C:\WINDOWS\system32\mnmdd.dll 34560 bytes executable
    C:\WINDOWS\system32\mnmsrvc.exe 32768 bytes executable
    C:\WINDOWS\system32\mobsync.dll 210432 bytes executable
    C:\WINDOWS\system32\mobsync.exe 144384 bytes executable
    C:\WINDOWS\system32\modemui.dll 156160 bytes executable
    C:\WINDOWS\system32\modex.dll 10112 bytes executable
    C:\WINDOWS\system32\more.com 15872 bytes executable
    C:\WINDOWS\system32\moricons.dll 216064 bytes executable
    C:\WINDOWS\system32\mountvol.exe 8192 bytes executable
    C:\WINDOWS\system32\mouse.drv 2032 bytes
    C:\WINDOWS\system32\MP43DECD.dll 259072 bytes executable
    C:\WINDOWS\system32\MP43DMOD.dll 4096 bytes executable
    C:\WINDOWS\system32\MP4SDECD.dll 317440 bytes executable
    C:\WINDOWS\system32\MP4SDMOD.dll 4096 bytes executable
    C:\WINDOWS\system32\mpeg2data.ax 118272 bytes executable
    C:\WINDOWS\system32\mpg2splt.ax 148992 bytes executable
    C:\WINDOWS\system32\mpg4c32.dll 413760 bytes executable
    C:\WINDOWS\system32\MPG4DECD.dll 259072 bytes executable
    C:\WINDOWS\system32\MPG4DMOD.dll 4096 bytes executable
    C:\WINDOWS\system32\mpg4ds32.ax 262144 bytes executable
    C:\WINDOWS\system32\mplay32.exe 124928 bytes executable
    C:\WINDOWS\system32\mpnotify.exe 22016 bytes executable
    C:\WINDOWS\system32\mpr.dll 59904 bytes executable
    C:\WINDOWS\system32\mprapi.dll 87040 bytes executable
    C:\WINDOWS\system32\mprddm.dll 69120 bytes executable
    C:\WINDOWS\system32\mprdim.dll 49152 bytes executable
    C:\WINDOWS\system32\mprmsg.dll 114688 bytes executable
    C:\WINDOWS\system32\mprui.dll 47616 bytes executable
    C:\WINDOWS\system32\MQTQueen.dll 69632 bytes executable
    C:\WINDOWS\system32\MQTQueen2.dll 69632 bytes executable
    C:\WINDOWS\system32\MQueen.dll 245760 bytes executable
    C:\WINDOWS\system32\MQueen2.dll 81920 bytes executable
    C:\WINDOWS\system32\mrinfo.exe 14336 bytes executable
    C:\WINDOWS\system32\MRT.exe 18684536 bytes executable
    C:\WINDOWS\system32\msaatext.dll 102912 bytes executable
    C:\WINDOWS\system32\msacm.dll 61312 bytes
    C:\WINDOWS\system32\msacm32.dll 72192 bytes executable
    C:\WINDOWS\system32\msadds32.ax 221184 bytes executable
    C:\WINDOWS\system32\msadp32.acm 14848 bytes executable
    C:\WINDOWS\system32\msafd.dll 3584 bytes executable
    C:\WINDOWS\system32\msapsspc.dll 86016 bytes executable
    C:\WINDOWS\system32\msasn1.dll 57344 bytes executable
    C:\WINDOWS\system32\msaud32.acm 294912 bytes executable
    C:\WINDOWS\system32\msaudite.dll 77312 bytes executable
    C:\WINDOWS\system32\msawt.dll 154384 bytes executable
    C:\WINDOWS\system32\mscat32.dll 7168 bytes executable
    C:\WINDOWS\system32\mscdexnt.exe 817 bytes
    C:\WINDOWS\system32\mscms.dll 74240 bytes executable
    C:\WINDOWS\system32\mscomct2.ocx 647872 bytes executable
    C:\WINDOWS\system32\mscomctl.ocx 1066176 bytes executable
    C:\WINDOWS\system32\MSCOMM32.OCX 103744 bytes executable
    C:\WINDOWS\system32\msconf.dll 69632 bytes executable
    C:\WINDOWS\system32\mscoree.dll 271360 bytes executable
    C:\WINDOWS\system32\mscorier.dll 150016 bytes executable
    C:\WINDOWS\system32\mscories.dll 74240 bytes executable
    C:\WINDOWS\system32\mscpx32r.dll 12288 bytes executable
    C:\WINDOWS\system32\mscpxl32.dll 36864 bytes executable
    C:\WINDOWS\system32\msctf.dll 294400 bytes executable
    C:\WINDOWS\system32\msctfime.ime 177152 bytes executable
    C:\WINDOWS\system32\msctfp.dll 69120 bytes executable
    C:\WINDOWS\system32\msdadiag.dll 118784 bytes executable
    C:\WINDOWS\system32\msdart.dll 151552 bytes executable
    C:\WINDOWS\system32\msdatsrc.tlb 12288 bytes executable
    C:\WINDOWS\system32\msdelta.dll 312128 bytes executable
    C:\WINDOWS\system32\msdmo.dll 14336 bytes executable
    C:\WINDOWS\system32\MsDtc
    C:\WINDOWS\system32\msdtc.exe 6144 bytes executable
    C:\WINDOWS\system32\msdtclog.dll 58880 bytes executable
    C:\WINDOWS\system32\msyuv.dll 17408 bytes executable
    C:\WINDOWS\system32\mtxclu.dll 66560 bytes executable
    C:\WINDOWS\system32\mtxdm.dll 20480 bytes executable
    C:\WINDOWS\system32\mtxex.dll 4096 bytes executable
    C:\WINDOWS\system32\mtxlegih.dll 25088 bytes executable
    C:\WINDOWS\system32\mtxoci.dll 91136 bytes executable
    C:\WINDOWS\system32\mtxparhd.dll 1737856 bytes executable
    C:\WINDOWS\system32\mucltui.dll 271224 bytes executable
    C:\WINDOWS\system32\mucltui.dll.mui 30072 bytes executable
    C:\WINDOWS\system32\mui
    C:\WINDOWS\system32\muweb.dll 207736 bytes executable
    C:\WINDOWS\system32\mycomput.dll 90624 bytes executable
    C:\WINDOWS\system32\mydocs.dll 91648 bytes executable
    C:\WINDOWS\system32\narrator.exe 55296 bytes executable
    C:\WINDOWS\system32\narrhook.dll 36352 bytes executable
    C:\WINDOWS\system32\navipromo_377.xml.gz 18600 bytes
    C:\WINDOWS\system32\nbtstat.exe 21504 bytes executable
    C:\WINDOWS\system32\ncobjapi.dll 36352 bytes executable
    C:\WINDOWS\system32\ncpa.cpl 35840 bytes executable
    C:\WINDOWS\system32\ncpa.cpl.manifest 749 bytes
    C:\WINDOWS\system32\netid.dll 144896 bytes executable
    C:\WINDOWS\system32\netlogon.dll 407040 bytes executable
    C:\WINDOWS\system32\netman.dll 197632 bytes executable
    C:\WINDOWS\system32\netmsg.dll 200192 bytes executable
    C:\WINDOWS\system32\netplwiz.dll 885248 bytes executable
    C:\WINDOWS\system32\netrap.dll 12288 bytes executable
    C:\WINDOWS\system32\netsetup.cpl 25600 bytes executable
    C:\WINDOWS\system32\netsetup.exe 332800 bytes executable
    C:\WINDOWS\system32\netsh.exe 88576 bytes executable
    C:\WINDOWS\system32\netshell.dll 1723904 bytes executable
    C:\WINDOWS\system32\netstat.exe 37888 bytes executable
    C:\WINDOWS\system32\netui0.dll 83456 bytes executable
    C:\WINDOWS\system32\netui1.dll 245760 bytes executable
    C:\WINDOWS\system32\netui2.dll 312832 bytes executable
    C:\WINDOWS\system32\newdev.dll 251392 bytes executable
    C:\WINDOWS\system32\NkNEFPlugin.dll 2813952 bytes executable
    C:\WINDOWS\system32\nlhtml.dll 98304 bytes executable
    C:\WINDOWS\system32\nlsdl.dll 24576 bytes executable
    C:\WINDOWS\system32\nlsfunc.exe 7116 bytes
    C:\WINDOWS\system32\npptools.dll 55296 bytes executable
    C:\WINDOWS\system32\npwmsdrm.dll 8704 bytes executable
    C:\WINDOWS\system32\nscompat.tlb 23392 bytes
    C:\WINDOWS\system32\nslookup.exe 79360 bytes executable
    C:\WINDOWS\system32\ntdll.dll 733184 bytes executable
    C:\WINDOWS\system32\ntdos.sys 27916 bytes
    C:\WINDOWS\system32\ntdos404.sys 29146 bytes
    C:\WINDOWS\system32\ntdos411.sys 29370 bytes
    C:\WINDOWS\system32\ntdos412.sys 29274 bytes
    C:\WINDOWS\system32\ntdos804.sys 29146 bytes
    C:\WINDOWS\system32\ntdsapi.dll 67072 bytes executable
    C:\WINDOWS\system32\ntimage.gif 48794 bytes
    C:\WINDOWS\system32\ntio.sys 34000 bytes
    C:\WINDOWS\system32\ntio404.sys 34560 bytes
    C:\WINDOWS\system32\ntio411.sys 35648 bytes
    C:\WINDOWS\system32\ntio412.sys 35424 bytes
    C:\WINDOWS\system32\ntio804.sys 34560 bytes
    C:\WINDOWS\system32\ntkrnlpa.exe 2059648 bytes executable
    C:\WINDOWS\system32\ntlanman.dll 43520 bytes executable
    C:\WINDOWS\system32\ntlanui.dll 59392 bytes executable
    C:\WINDOWS\system32\ntlanui2.dll 14848 bytes executable
    C:\WINDOWS\system32\ntlsapi.dll 8192 bytes executable
    C:\WINDOWS\system32\ntmarta.dll 119808 bytes executable
    C:\WINDOWS\system32\ntmsapi.dll 40960 bytes executable
    C:\WINDOWS\system32\ntmsdba.dll 181248 bytes executable
    C:\WINDOWS\system32\ntmsevt.dll 45056 bytes executable
    C:\WINDOWS\system32\ntmsmgr.dll 496640 bytes executable
    C:\WINDOWS\system32\ntmsmgr.msc 25901 bytes
    C:\WINDOWS\system32\ntmsoprq.msc 32590 bytes
    C:\WINDOWS\system32\ntmssvc.dll 438272 bytes executable
    C:\WINDOWS\system32\ntoskrnl.exe 2182400 bytes executable
    C:\WINDOWS\system32\ntprint.dll 91648 bytes executable
    C:\WINDOWS\system32\ntsdexts.dll 36864 bytes executable
    C:\WINDOWS\system32\ntshrui.dll 145920 bytes executable
    C:\WINDOWS\system32\ntvdm.exe 420864 bytes executable
    C:\WINDOWS\system32\ntvdmd.dll 13312 bytes executable
    C:\WINDOWS\system32\nusrmgr.cpl 261120 bytes executable
    C:\WINDOWS\system32\nv4_disp.dll 3902603 bytes executable
    C:\WINDOWS\system32\nvcpl.dll 4841472 bytes executable
    C:\WINDOWS\system32\nview.dll 852038 bytes executable
    C:\WINDOWS\system32\nviewimg.dll 512000 bytes executable
    C:\WINDOWS\system32\nvinstnt.dll 126976 bytes executable
    C:\WINDOWS\system32\nvmctray.dll 49152 bytes executable
    C:\WINDOWS\system32\nvoglnt.dll 3850240 bytes executable
    C:\WINDOWS\system32\nvrsar.dll 2863104 bytes executable
    C:\WINDOWS\system32\nvrscs.dll 262144 bytes executable
    C:\WINDOWS\system32\nvrsda.dll 266240 bytes executable
    C:\WINDOWS\system32\nvrsde.dll 274432 bytes executable
    C:\WINDOWS\system32\nvrsel.dll 270336 bytes executable
    C:\WINDOWS\system32\nvrseng.dll 266240 bytes executable
    C:\WINDOWS\system32\rasadhlp.dll 8192 bytes executable
    C:\WINDOWS\system32\rasapi32.dll 237056 bytes executable
    C:\WINDOWS\system32\rasauto.dll 89088 bytes executable
    C:\WINDOWS\system32\rasautou.exe 11776 bytes executable
    C:\WINDOWS\system32\raschap.dll 69632 bytes executable
    C:\WINDOWS\system32\rasctrnm.h 1818 bytes
    C:\WINDOWS\system32\rasctrs.dll 12288 bytes executable
    C:\WINDOWS\system32\rasctrs.ini 6212 bytes
    C:\WINDOWS\system32\rasdial.exe 11776 bytes executable
    C:\WINDOWS\system32\rasdlg.dll 685056 bytes executable
    C:\WINDOWS\system32\rasman.dll 61440 bytes executable
    C:\WINDOWS\system32\rasmans.dll 181248 bytes executable
    C:\WINDOWS\system32\rasmontr.dll 148480 bytes executable
    C:\WINDOWS\system32\rasmxs.dll 22528 bytes executable
    C:\WINDOWS\system32\rasphone.exe 57344 bytes executable
    C:\WINDOWS\system32\rasppp.dll 206336 bytes executable
    C:\WINDOWS\system32\rasrad.dll 23552 bytes executable
    C:\WINDOWS\system32\rassapi.dll 16896 bytes executable
    C:\WINDOWS\system32\perfwci.h 435 bytes
    C:\WINDOWS\system32\perfwci.ini 2994 bytes
    C:\WINDOWS\system32\pfsibjs.exe 75776 bytes
    C:\WINDOWS\system32\PhotoImpression Screen Saver.scr 163840 bytes executable
    C:\WINDOWS\system32\photometadatahandler.dll 412160 bytes executable
    C:\WINDOWS\system32\photowiz.dll 172032 bytes executable
    C:\WINDOWS\system32\picn1020.dll 155648 bytes executable
    C:\WINDOWS\system32\picn1120.dll 180224 bytes executable
    C:\WINDOWS\system32\picn20.dll 48128 bytes executable
    C:\WINDOWS\system32\PICSDK.dll 479232 bytes executable
    C:\WINDOWS\system32\PICSDK.ini 99 bytes
    C:\WINDOWS\system32\pid.dll 35328 bytes executable
    C:\WINDOWS\system32\pidgen.dll 24064 bytes executable
    C:\WINDOWS\system32\pifmgr.dll 35328 bytes executable
    C:\WINDOWS\system32\ping.exe 19456 bytes executable
    C:\WINDOWS\system32\ping6.exe 34304 bytes executable
    C:\WINDOWS\system32\pjlmon.dll 15360 bytes executable
    C:\WINDOWS\system32\plustab.dll 30720 bytes executable
    C:\WINDOWS\system32\pmspl.dll 46592 bytes
    C:\WINDOWS\system32\regwizc.dll 405504 bytes executable
    C:\WINDOWS\system32\ReinstallBackups
    C:\WINDOWS\system32\remotepg.dll 61952 bytes executable
    C:\WINDOWS\system32\remotesp.tsp 76800 bytes executable
    C:\WINDOWS\system32\rend.dll 107520 bytes executable
    C:\WINDOWS\system32\replace.exe 12800 bytes executable
    C:\WINDOWS\system32\reset.exe 10240 bytes executable
    C:\WINDOWS\system32\Restore
    C:\WINDOWS\system32\resutils.dll 58880 bytes executable
    C:\WINDOWS\system32\rexec.exe 14848 bytes executable
    C:\WINDOWS\system32\ReyXp.ocx 532480 bytes executable
    C:\WINDOWS\system32\Rey_SubClasser.dll 98304 bytes executable
    C:\WINDOWS\system32\riched20.dll 433152 bytes executable
    C:\WINDOWS\system32\riched32.dll 3584 bytes executable
    C:\WINDOWS\system32\RICHTX32.OCX 203976 bytes executable
    C:\WINDOWS\system32\rsvpcnts.h 3178 bytes
    C:\WINDOWS\system32\rsvpmsg.dll 29696 bytes executable
    C:\WINDOWS\system32\rsvpperf.dll 9728 bytes executable
    C:\WINDOWS\system32\rsvpsp.dll 90112 bytes executable
    C:\WINDOWS\system32\RTCRES.dll 137216 bytes executable
    C:\WINDOWS\system32\rtcshare.exe 78336 bytes executable
    C:\WINDOWS\system32\rtipxmib.dll 31744 bytes executable
    C:\WINDOWS\system32\rtm.dll 98304 bytes executable
    C:\WINDOWS\system32\rtutils.dll 44032 bytes executable
    C:\WINDOWS\system32\runas.exe 17408 bytes executable
    C:\WINDOWS\system32\rundll32.exe 33792 bytes executable
    C:\WINDOWS\system32\runonce.exe 14336 bytes executable
    C:\WINDOWS\system32\rwinsta.exe 16384 bytes executable
    C:\WINDOWS\system32\s3gnb.dll 397056 bytes executable
    C:\WINDOWS\system32\safrcdlg.dll 43520 bytes executable
    C:\WINDOWS\system32\safrdm.dll 29696 bytes executable
    C:\WINDOWS\system32\safrslv.dll 45568 bytes executable
    C:\WINDOWS\system32\samlib.dll 64000 bytes executable
    C:\WINDOWS\system32\samsrv.dll 431104 bytes executable
    C:\WINDOWS\system32\Samsung_USB_Drivers
    C:\WINDOWS\system32\sapi.cpl.manifest 749 bytes
    C:\WINDOWS\system32\scrrun.dll 151552 bytes executable
    C:\WINDOWS\system32\sdbinst.exe 78848 bytes executable
    C:\WINDOWS\system32\sdhcinst.dll 29184 bytes executable
    C:\WINDOWS\system32\sdpblb.dll 130048 bytes executable
    C:\WINDOWS\system32\seclogon.dll 18944 bytes executable
    C:\WINDOWS\system32\secupd.dat 4569 bytes
    C:\WINDOWS\system32\secupd.sig 7208 bytes
    C:\WINDOWS\system32\secur32.dll 55808 bytes executable
    C:\WINDOWS\system32\security.dll 5632 bytes executable
    C:\WINDOWS\system32\sendcmsg.dll 29696 bytes executable
    C:\WINDOWS\system32\sendmail.dll 55296 bytes executable
    C:\WINDOWS\system32\sens.dll 38912 bytes executable
    C:\WINDOWS\system32\sensapi.dll 6656 bytes executable
    C:\WINDOWS\system32\senscfg.dll 13824 bytes executable
    C:\WINDOWS\system32\serialui.dll 14848 bytes executable
    C:\WINDOWS\system32\servdeps.dll 56320 bytes executable
    C:\WINDOWS\system32\services.exe 108544 bytes executable
    C:\WINDOWS\system32\services.msc 33075 bytes
    C:\WINDOWS\system32\shdoclc.dll 572416 bytes executable
    C:\WINDOWS\system32\shdocvw.dll 1497088 bytes executable
    C:\WINDOWS\system32\shell.dll 5120 bytes
    C:\WINDOWS\system32\shell32.dll 8516608 bytes executable
    C:\WINDOWS\system32\ShellExt
    C:\WINDOWS\system32\ShellMPD.dll 446976 bytes executable
    C:\WINDOWS\system32\shellstyle.dll 435712 bytes executable
    C:\WINDOWS\system32\shfolder.dll 25088 bytes executable
    C:\WINDOWS\system32\shgina.dll 68096 bytes executable
    C:\WINDOWS\system32\label.exe 9728 bytes executable
    C:\WINDOWS\system32\lfgif11n.dll 41472 bytes executable
    C:\WINDOWS\system32\lights.exe 30208 bytes executable
    C:\WINDOWS\system32\lpr.exe 9216 bytes executable
    C:\WINDOWS\system32\LTIMG12N.DLL 164864 bytes executable
    C:\WINDOWS\system32\main.cpl 189952 bytes executable
    C:\WINDOWS\system32\mcicda.dll 17408 bytes executable
    C:\WINDOWS\system32\mfc42.dll 1028096 bytes executable
    C:\WINDOWS\system32\mode.com 19456 bytes executable
    C:\WINDOWS\system32\msacm32.drv 20992 bytes executable
    C:\WINDOWS\system32\msdtcprf.h 768 bytes
    C:\WINDOWS\system32\mshearts.exe 128000 bytes executable
    C:\WINDOWS\system32\msjava.dll 947472 bytes executable
    C:\WINDOWS\system32\msmapi32.ocx 137000 bytes executable
    C:\WINDOWS\system32\msports.dll 43008 bytes executable
    C:\WINDOWS\system32\mssign32.dll 36352 bytes executable
    C:\WINDOWS\system32\msvbvm50.dll 1355776 bytes executable
    C:\WINDOWS\system32\msxmlr.dll 30720 bytes executable
    C:\WINDOWS\system32\ncxpnt.dll 7680 bytes executable
    C:\WINDOWS\system32\neth.dll 291328 bytes executable
    C:\WINDOWS\system32\nmevtmsg.dll 12288 bytes executable
    C:\WINDOWS\system32\npp
    C:\WINDOWS\system32\ntsd.exe 31744 bytes executable
    C:\WINDOWS\system32\nvrses.dll 274432 bytes executable
    C:\WINDOWS\system32\nvsvc32.exe 77824 bytes executable
    C:\WINDOWS\system32\nvwrsno.dll 159744 bytes executable
    C:\WINDOWS\system32\odbc16gt.dll 26224 bytes
    C:\WINDOWS\system32\oeminfo.ini 414 bytes
    C:\WINDOWS\system32\oobe
    C:\WINDOWS\system32\PCCSet.cpl 98304 bytes executable
    C:\WINDOWS\system32\perfci.ini 3030 bytes
    C:\WINDOWS\system32\perfts.dll 12288 bytes executable
    C:\WINDOWS\system32\pncrt.dll 278528 bytes executable
    C:\WINDOWS\system32\portabledeviceapi.dll 284160 bytes executable
    C:\WINDOWS\system32\usp10.dll 406528 bytes executable
    C:\WINDOWS\system32\usrcntra.dll 61500 bytes executable
    C:\WINDOWS\system32\usrcoina.dll 69699 bytes executable
    C:\WINDOWS\system32\usrdpa.dll 77890 bytes executable
    C:\WINDOWS\system32\usrdtea.dll 323641 bytes executable
    C:\WINDOWS\system32\usrfaxa.dll 86073 bytes executable
    C:\WINDOWS\system32\usrlbva.dll 53305 bytes executable
    C:\WINDOWS\system32\usrlogon.cmd 1263 bytes
    C:\WINDOWS\system32\usrmlnka.exe 77891 bytes executable
    C:\WINDOWS\system32\usrprbda.exe 61508 bytes executable
    C:\WINDOWS\system32\usrrtosa.dll 77883 bytes executable
    C:\WINDOWS\system32\usrsdpia.dll 49211 bytes executable
    C:\WINDOWS\system32\usrshuta.exe 69700 bytes executable
    C:\WINDOWS\system32\usrsvpia.dll 41019 bytes executable
    C:\WINDOWS\system32\usrv42a.dll 102457 bytes executable
    C:\WINDOWS\system32\usrv80a.dll 49209 bytes executable
    C:\WINDOWS\system32\usrvoica.dll 45116 bytes executable
    C:\WINDOWS\system32\usrvpa.dll 49211 bytes executable
    C:\WINDOWS\system32\utildll.dll 26112 bytes executable
    C:\WINDOWS\system32\utilman.exe 50176 bytes executable
    C:\WINDOWS\system32\uwdf.exe 8704 bytes executable
    C:\WINDOWS\system32\uxtheme.dll 219648 bytes executable
    C:\WINDOWS\system32\taskmgr.exe 143360 bytes executable
    C:\WINDOWS\system32\tcmsetup.exe 13312 bytes executable
    C:\WINDOWS\system32\tcpmib.dll 14848 bytes executable
    C:\WINDOWS\system32\tcpmon.dll 46592 bytes executable
    C:\WINDOWS\system32\tcpmon.ini 53478 bytes
    C:\WINDOWS\system32\tcpmonui.dll 47104 bytes executable
    C:\WINDOWS\system32\tcpsvcs.exe 19456 bytes executable
    C:\WINDOWS\system32\tdc.ocx 66560 bytes executable
    C:\WINDOWS\system32\telephon.cpl 28160 bytes executable
    C:\WINDOWS\system32\telnet.exe 78336 bytes executable
    C:\WINDOWS\system32\termmgr.dll 358912 bytes executable
    C:\WINDOWS\system32\termsrv.dll 297984 bytes executable
    C:\WINDOWS\system32\tftp.exe 17920 bytes executable
    C:\WINDOWS\system32\themeui.dll 391168 bytes executable
    C:\WINDOWS\system32\Thumbs.db 5632 bytes
    C:\WINDOWS\system32\ticrf.rat 1988 bytes
    C:\WINDOWS\system32\timedate.cpl 94208 bytes executable
    C:\WINDOWS\system32\timer.drv 4096 bytes
    C:\WINDOWS\system32\wbcache.enu 65489 bytes
    C:\WINDOWS\system32\wbcache.esn 65489 bytes
    C:\WINDOWS\system32\wbcache.fra 65489 bytes
    C:\WINDOWS\system32\wbcache.ita 65489 bytes
    C:\WINDOWS\system32\wbcache.nld 65489 bytes
    C:\WINDOWS\system32\wbcache.sve 65489 bytes
    C:\WINDOWS\system32\wbdbase.deu 1309184 bytes
    C:\WINDOWS\system32\wbdbase.enu 957440 bytes
    C:\WINDOWS\system32\wbdbase.esn 750080 bytes
    C:\WINDOWS\system32\wbdbase.fra 786944 bytes
    C:\WINDOWS\system32\wbdbase.ita 867840 bytes
    C:\WINDOWS\system32\wbdbase.nld 1095680 bytes
    C:\WINDOWS\system32\wbdbase.sve 937984 bytes
    C:\WINDOWS\system32\wbem
    C:\WINDOWS\system32\wdfapi.dll 4096 bytes executable
    C:\WINDOWS\system32\wdfmgr.exe 8704 bytes executable
    C:\WINDOWS\system32\wdigest.dll 49152 bytes executable
    C:\WINDOWS\system32\wdl.trm 4096 bytes
    C:\WINDOWS\system32\wdmaud.drv 23552 bytes executable
    C:\WINDOWS\system32\webcheck.dll 232960 bytes executable
    C:\WINDOWS\system32\webclnt.dll 68096 bytes executable
    C:\WINDOWS\system32\webfldrs.msi 1355776 bytes
    C:\WINDOWS\system32\webhits.dll 40960 bytes executable
    C:\WINDOWS\system32\webvw.dll 136192 bytes executable
    C:\WINDOWS\system32\wextract.exe 66560 bytes executable
    C:\WINDOWS\system32\WgaLogon.dll 236928 bytes executable
    C:\WINDOWS\system32\WgaTray.exe 337280 bytes executable
    C:\WINDOWS\system32\wiaacmgr.exe 438784 bytes executable
    C:\WINDOWS\system32\wiadefui.dll 465920 bytes executable
    C:\WINDOWS\system32\wiadss.dll 124928 bytes executable
    C:\WINDOWS\system32\wiascr.dll 75776 bytes executable
    C:\WINDOWS\system32\wiaservc.dll 334336 bytes executable
    C:\WINDOWS\system32\wiasf.ax 40448 bytes executable
    C:\WINDOWS\system32\wiashext.dll 594432 bytes executable
    C:\WINDOWS\system32\wiavideo.dll 111104 bytes executable
    C:\WINDOWS\system32\wiavusd.dll 145408 bytes executable
    C:\WINDOWS\system32\wifeman.dll 9216 bytes
    C:\WINDOWS\system32\win.com 18432 bytes executable
    C:\WINDOWS\system32\win32k.sys 1843712 bytes executable
    C:\WINDOWS\system32\win32spl.dll 102400 bytes executable
    C:\WINDOWS\system32\win87em.dll 13312 bytes
    C:\WINDOWS\system32\winbrand.dll 938496 bytes executable
    C:\WINDOWS\system32\winchat.exe 35840 bytes executable
    C:\WINDOWS\system32\winscard.dll 100352 bytes executable
    C:\WINDOWS\system32\winshfhc.dll 17408 bytes executable
    C:\WINDOWS\system32\winsock.dll 2864 bytes
    C:\WINDOWS\system32\winspool.drv 146944 bytes executable
    C:\WINDOWS\system32\winspool.exe 2112 bytes
    C:\WINDOWS\system32\winsrv.dll 293376 bytes executable
    C:\WINDOWS\system32\winsta.dll 53760 bytes executable
    C:\WINDOWS\system32\winstrm.dll 21504 bytes executable
    C:\WINDOWS\system32\wintrust.dll 176640 bytes executable
    C:\WINDOWS\system32\winver.exe 5632 bytes executable
    C:\WINDOWS\system32\wjview.exe 171792 bytes executable
    C:\WINDOWS\system32\wkssvc.dll 132096 bytes executable
    C:\WINDOWS\system32\wldap32.dll 172544 bytes executable
    C:\WINDOWS\system32\wlnotify.dll 94208 bytes executable
    C:\WINDOWS\system32\wmadmod.dll 757248 bytes executable
    C:\WINDOWS\system32\WMADMOE.dll 1117696 bytes executable
    C:\WINDOWS\system32\wmasf.dll 222720 bytes executable
    C:\WINDOWS\system32\wmdmlog.dll 33792 bytes executable
    C:\WINDOWS\system32\wmdmps.dll 37376 bytes executable
    C:\WINDOWS\system32\wmdrmdev.dll 429056 bytes executable
    C:\WINDOWS\system32\wmdrmnet.dll 348672 bytes executable
    C:\WINDOWS\system32\wmdrmsdk.dll 535040 bytes executable
    C:\WINDOWS\system32\vatee.ax 86016 bytes executable
    C:\WINDOWS\system32\VB6FR.DLL 119568 bytes executable
    C:\WINDOWS\system32\vbajet32.dll 30749 bytes executable
    C:\WINDOWS\system32\vbar332.dll 368912 bytes executable
    C:\WINDOWS\system32\vbisurf.ax 30720 bytes executable
    C:\WINDOWS\system32\vbscript.dll 413696 bytes executable
    C:\WINDOWS\system32\vbsfr.dll 24624 bytes executable
    C:\WINDOWS\system32\vcdex.dll 7680 bytes executable
    C:\WINDOWS\system32\vct3216.acm 82944 bytes executable
    C:\WINDOWS\system32\vdmdbg.dll 26112 bytes executable
    C:\WINDOWS\system32\vdmredir.dll 51712 bytes executable
    C:\WINDOWS\system32\ver.dll 9104 bytes
    C:\WINDOWS\system32\verclsid.exe 28672 bytes executable
    C:\WINDOWS\system32\verifier.dll 13312 bytes executable
    C:\WINDOWS\system32\verifier.exe 102912 bytes executable
    C:\WINDOWS\system32\version.dll 18944 bytes executable
    C:\WINDOWS\system32\VFind.exe 49152 bytes executable
    C:\WINDOWS\system32\vfpodbc.dll 20535 bytes executable
    C:\WINDOWS\system32\vfwwdm32.dll 54784 bytes executable
    C:\WINDOWS\system32\vga.dll 9344 bytes executable
    C:\WINDOWS\system32\vga.drv 2176 bytes
    C:\WINDOWS\system32\vga256.dll 51456 bytes executable
    C:\WINDOWS\system32\spnpinst.exe 11776 bytes executable
    C:\WINDOWS\system32\spool
    C:\WINDOWS\system32\spoolss.dll 74752 bytes executable
    C:\WINDOWS\system32\spoolsv.exe 57856 bytes executable
    C:\WINDOWS\system32\sprestrt.exe 9728 bytes executable
    C:\WINDOWS\system32\sprio600.dll 70656 bytes executable
    C:\WINDOWS\system32\sprio800.dll 72192 bytes executable
    C:\WINDOWS\system32\spupdsvc.exe 23856 bytes executable
    C:\WINDOWS\system32\spupdwxp.exe 21504 bytes executable
    C:\WINDOWS\system32\spupdwxp.log 249 bytes
    C:\WINDOWS\system32\spxcoins.dll 24661 bytes executable
    C:\WINDOWS\system32\sqlsodbc.chm 49345 bytes
    C:\WINDOWS\system32\sqlsrv32.dll 442368 bytes executable
    C:\WINDOWS\system32\sqlsrv32.rll 98304 bytes executable
    C:\WINDOWS\system32\sqlunirl.dll 180800 bytes executable
    C:\WINDOWS\system32\sqlwid.dll 24603 bytes executable
    C:\WINDOWS\system32\tscfgwmi.dll 94208 bytes executable
    C:\WINDOWS\system32\tscon.exe 15360 bytes executable
    C:\WINDOWS\system32\tscupgrd.exe 44544 bytes executable
    C:\WINDOWS\system32\tsd32.dll 15360 bytes executable
    C:\WINDOWS\system32\tsddd.dll 12168 bytes executable
    C:\WINDOWS\system32\tsdiscon.exe 14848 bytes executable
    C:\WINDOWS\system32\tskill.exe 16896 bytes executable
    C:\WINDOWS\system32\tslabels.h 3286 bytes
    C:\WINDOWS\system32\tslabels.ini 27768 bytes
    C:\WINDOWS\system32\tsshutdn.exe 17408 bytes executable
    C:\WINDOWS\system32\tssoft32.acm 8192 bytes executable
    C:\WINDOWS\system32\TWAIN_32.DLL 77312 bytes executable
    C:\WINDOWS\system32\twext.dll 44032 bytes executable
    C:\WINDOWS\system32\wpa.dbl 1158 bytes
    C:\WINDOWS\system32\wpabaln.exe 32256 bytes executable
    C:\WINDOWS\system32\wpdconns.dll 35840 bytes executable
    C:\WINDOWS\system32\wpdmtp.dll 154624 bytes executable
    C:\WINDOWS\system32\wpdmtpdr.dll 331776 bytes executable
    C:\WINDOWS\system32\wpdmtpus.dll 63488 bytes executable
    C:\WINDOWS\system32\WpdShext.dll 2603008 bytes executable
    C:\WINDOWS\system32\wpdshextautoplay.exe 17408 bytes executable
    C:\WINDOWS\system32\wpdshextres.dll 44032 bytes executable
    C:\WINDOWS\system32\wpdshserviceobj.dll 133632 bytes executable
    C:\WINDOWS\system32\wpdsp.dll 356352 bytes executable
    C:\WINDOWS\system32\wpdtrace.dll 13312 bytes executable
    C:\WINDOWS\system32\wpd_ci.dll 629760 bytes executable
    C:\WINDOWS\system32\wpnpinst.exe 32768 bytes executable
    C:\WINDOWS\system32\write.exe 5632 bytes executable
    C:\WINDOWS\system32\ws2help.dll 19968 bytes executable
    C:\WINDOWS\system32\ws2_32.dll 82944 bytes executable
    C:\WINDOWS\system32\wscntfy.exe 13824 bytes executable
    C:\WINDOWS\system32\wscript.exe 114688 bytes executable
    C:\WINDOWS\system32\wscsvc.dll 81408 bytes executable
    C:\WINDOWS\system32\wscui.cpl 148480 bytes executable
    C:\WINDOWS\system32\wshatm.dll 9216 bytes executable
    C:\WINDOWS\system32\wshbth.dll 108032 bytes executable
    C:\WINDOWS\system32\wshcon.dll 28672 bytes executable
    C:\WINDOWS\system32\wshext.dll 65536 bytes executable
    C:\WINDOWS\system32\wshfr.dll 57392 bytes executable
    C:\WINDOWS\system32\wship6.dll 14336 bytes executable
    C:\WINDOWS\system32\wshisn.dll 11776 bytes executable
    C:\WINDOWS\system32\odbc32.dll 249856 bytes executable
    C:\WINDOWS\system32\odbc32gt.dll 16384 bytes executable
    C:\WINDOWS\system32\odbcad32.exe 32768 bytes executable
    C:\WINDOWS\system32\odbcbcp.dll 24576 bytes executable
    C:\WINDOWS\system32\odbcconf.dll 135168 bytes executable
    C:\WINDOWS\system32\odbcconf.exe 69632 bytes executable
    C:\WINDOWS\system32\odbcconf.rsp 4310 bytes
    C:\WINDOWS\system32\odbccp32.cpl 32768 bytes executable
    C:\WINDOWS\system32\odbccp32.dll 106496 bytes executable
    C:\WINDOWS\system32\odbccr32.dll 65536 bytes executable
    C:\WINDOWS\system32\odbccu32.dll 65536 bytes executable
    C:\WINDOWS\system32\odbcint.dll 98304 bytes executable
    C:\WINDOWS\system32\odbcji32.dll 61712 bytes executable
    C:\WINDOWS\system32\odbcjt32.dll 278559 bytes executable
    C:\WINDOWS\system32\odbcp32r.dll 12288 bytes executable
    C:\WINDOWS\system32\odbctrac.dll 147456 bytes executable
    C:\WINDOWS\system32\oddbse32.dll 20511 bytes executable
    C:\WINDOWS\system32\odexl32.dll 20510 bytes executable
    C:\WINDOWS\system32\odfox32.dll 20510 bytes executable
    C:\WINDOWS\system32\odpdx32.dll 20510 bytes executable
    C:\WINDOWS\system32\odtext32.dll 20511 bytes executable
    C:\WINDOWS\system32\oembios.bin 13107200 bytes
    C:\WINDOWS\system32\oembios.dat 4512 bytes
    C:\WINDOWS\system32\oembios.sig 6788 bytes
    C:\WINDOWS\system32\gpkrsrc.dll 10240 bytes executable
    C:\WINDOWS\system32\graftabl.com 26112 bytes executable
    C:\WINDOWS\system32\graphics.com 19902 bytes
    C:\WINDOWS\system32\graphics.pro 21232 bytes
    C:\WINDOWS\system32\grpconv.exe 39424 bytes executable
    C:\WINDOWS\system32\GWFSPidGen.DLL 23304 bytes executable
    C:\WINDOWS\system32\dssec.dll 52736 bytes executable
    C:\WINDOWS\system32\dssenh.dll 137216 bytes executable
    C:\WINDOWS\system32\dsuiext.dll 113664 bytes executable
    C:\WINDOWS\system32\dswave.dll 19456 bytes executable
    C:\WINDOWS\system32\dtu100.dll 200704 bytes executable
    C:\WINDOWS\system32\dtu_fr.qm 3162 bytes
    C:\WINDOWS\system32\dumprep.exe 10752 bytes executable
    C:\WINDOWS\system32\dunzip32.dll 114688 bytes executable
    C:\WINDOWS\system32\duser.dll 304128 bytes executable
    C:\WINDOWS\system32\duzactx.dll 229376 bytes executable
    C:\WINDOWS\system32\dvdplay.exe 59392 bytes executable
    C:\WINDOWS\system32\dvdupgrd.exe 17920 bytes executable
    C:\WINDOWS\system32\dwwin.exe 180224 bytes executable
    C:\WINDOWS\system32\dx3j.dll 313856 bytes executable
    C:\WINDOWS\system32\dx7vb.dll 619008 bytes executable
    C:\WINDOWS\system32\dx8vb.dll 1227264 bytes executable
    C:\WINDOWS\system32\dxdiag.exe 1298432 bytes executable
    C:\WINDOWS\system32\dxdiagn.dll 2113536 bytes executable
    C:\WINDOWS\system32\mshta.exe 45568 bytes executable
    C:\WINDOWS\system32\mshtml.dll 3590656 bytes executable
    C:\WINDOWS\system32\mshtml.tlb 1383424 bytes executable
    C:\WINDOWS\system32\mshtmled.dll 478208 bytes executable
    C:\WINDOWS\system32\mshtmler.dll 48128 bytes executable
    C:\WINDOWS\system32\msi.dll 2854400 bytes executable
    C:\WINDOWS\system32\msident.dll 51712 bytes executable
    C:\WINDOWS\system32\msidle.dll 6656 bytes executable
    C:\WINDOWS\system32\msidntld.dll 16896 bytes executable
    C:\WINDOWS\system32\msieftp.dll 252416 bytes executable
    C:\WINDOWS\system32\msiexec.exe 78848 bytes executable
    C:\WINDOWS\system32\msihnd.dll 271360 bytes executable
    C:\WINDOWS\system32\msimg32.dll 4608 bytes executable
    C:\WINDOWS\system32\msimsg.dll 884736 bytes executable
    C:\WINDOWS\system32\msimtf.dll 159232 bytes executable
    C:\WINDOWS\system32\MSINET.OCX 115920 bytes executable
    C:\WINDOWS\system32\msisam11.dll 368710 bytes executable
    C:\WINDOWS\system32\msisip.dll 15360 bytes executable
    C:\WINDOWS\system32\MSVBVM60.DLL 1386496 bytes executable
    C:\WINDOWS\system32\msvci70.dll 54784 bytes executable
    C:\WINDOWS\system32\msvcirt.dll 54784 bytes executable
    C:\WINDOWS\system32\msvcp50.dll 565760 bytes executable
    C:\WINDOWS\system32\msvcp60.dll 413696 bytes executable
    C:\WINDOWS\system32\msvcp70.dll 487424 bytes executable
    C:\WINDOWS\system32\msvcp71.dll 499712 bytes executable
    C:\WINDOWS\system32\msvcr70.dll 344064 bytes executable
    C:\WINDOWS\system32\msvcr71.dll 348160 bytes executable
    C:\WINDOWS\system32\msvcr80.dll 626688 bytes executable
    C:\WINDOWS\system32\msvcrt.dll 343040 bytes executable
    C:\WINDOWS\system32\msvcrt20.dll 253952 bytes executable
    C:\WINDOWS\system32\msvcrt40.dll 61440 bytes executable
    C:\WINDOWS\system32\msvfw32.dll 121856 bytes executable
    C:\WINDOWS\system32\msvidc32.dll 25600 bytes executable
    C:\WINDOWS\system32\msvidctl.dll 1433600 bytes executable
    C:\WINDOWS\system32\msvideo.dll 127168 bytes
    C:\WINDOWS\system32\msw3prt.dll 72704 bytes executable
    C:\WINDOWS\system32\mswdat10.dll 831519 bytes executable
    C:\WINDOWS\system32\mswebdvd.dll 204800 bytes executable
    C:\WINDOWS\system32\mswmdm.dll 321536 bytes executable
    C:\WINDOWS\system32\mswsock.dll 247808 bytes executable
    C:\WINDOWS\system32\mswstr10.dll 614429 bytes executable
    C:\WINDOWS\system32\msxbde40.dll 348189 bytes executable
    C:\WINDOWS\system32\msxbse35.dll 287504 bytes executable
    C:\WINDOWS\system32\msxml.dll 506368 bytes executable
    C:\WINDOWS\system32\msxml2.dll 701440 bytes executable
    C:\WINDOWS\system32\msxml2r.dll 43792 bytes executable
    C:\WINDOWS\system32\msxml3.dll 1104896 bytes executable
    C:\WINDOWS\system32\msxml3a.dll 24576 bytes executable
    C:\WINDOWS\system32\msxml3r.dll 44032 bytes executable
    C:\WINDOWS\system32\msxml4.dll 1275392 bytes executable
    C:\WINDOWS\system32\msxml4r.dll 82432 bytes executable
    C:\WINDOWS\system32\profmap.dll 27648 bytes executable
    C:\WINDOWS\system32\progman.exe 109568 bytes executable
    C:\WINDOWS\system32\proquota.exe 50688 bytes executable
    C:\WINDOWS\system32\proxycfg.exe 9728 bytes executable
    C:\WINDOWS\system32\psapi.dll 23040 bytes executable
    C:\WINDOWS\system32\psbase.dll 98816 bytes executable
    C:\WINDOWS\system32\pschdcnt.h 3010 bytes
    C:\WINDOWS\system32\pschdprf.dll 10752 bytes executable
    C:\WINDOWS\system32\pschdprf.ini 14073 bytes
    C:\WINDOWS\system32\pscript.sep 51 bytes
    C:\WINDOWS\system32\psisdecd.dll 363520 bytes executable
    C:\WINDOWS\system32\psisrndr.ax 33280 bytes executable
    C:\WINDOWS\system32\psnppagn.dll 8192 bytes executable
    C:\WINDOWS\system32\pstorec.dll 43520 bytes executable
    C:\WINDOWS\system32\pstorsvc.dll 34304 bytes executable
    C:\WINDOWS\system32\ptpusb.dll 5632 bytes executable
    C:\WINDOWS\system32\ptpusd.dll 159232 bytes executable
    C:\WINDOWS\system32\PTxSCP.ocx 1206272 bytes executable
    C:\WINDOWS\system32\Pubole32.dll 76288 bytes executable
    C:\WINDOWS\system32\pubprn.vbs 3862 bytes
    C:\WINDOWS\system32\px.dll 372736 bytes executable
    C:\WINDOWS\system32\pxcpya64.exe 56832 bytes executable
    C:\WINDOWS\system32\pxcpyi64.exe 108544 bytes executable
    C
    9 Janvier 2008 20:53:50

    re
    il n'est toujours pas complet

    poste-le en plusieurs morceaux
    ou utilise ceci:
    http://www.sendspace.com/

    tu n'as pas répondu à ma question:

    as-tu le CD de windows?
    on va en avoir besoin
    9 Janvier 2008 20:54:47

    C:\WINDOWS\system32\pxdrv.dll 421888 bytes executable
    C:\WINDOWS\system32\pxhpinst.exe 61440 bytes executable
    C:\WINDOWS\system32\pxinsa64.exe 56320 bytes executable
    C:\WINDOWS\system32\pxinsi64.exe 109568 bytes executable
    C:\WINDOWS\system32\pxmas.dll 172032 bytes executable
    C:\WINDOWS\system32\pxsfs.dll 1093632 bytes executable
    C:\WINDOWS\system32\pxwave.dll 339968 bytes executable
    C:\WINDOWS\system32\wmerror.dll 272384 bytes executable
    C:\WINDOWS\system32\wmi.dll 5632 bytes executable
    C:\WINDOWS\system32\wmidx.dll 157184 bytes executable
    C:\WINDOWS\system32\wmidx.ocx 89600 bytes executable
    C:\WINDOWS\system32\wmimgmt.msc 63488 bytes
    C:\WINDOWS\system32\wmiprop.dll 19456 bytes executable
    C:\WINDOWS\system32\WMNetMgr.dll 937984 bytes executable
    C:\WINDOWS\system32\wmp.dll 10834944 bytes executable
    C:\WINDOWS\system32\wmp.ocx 20480 bytes executable
    C:\WINDOWS\system32\wmpasf.dll 242688 bytes executable
    C:\WINDOWS\system32\wmpcd.dll 20480 bytes executable
    C:\WINDOWS\system32\wmpcore.dll 20480 bytes executable
    C:\WINDOWS\system32\wmpdxm.dll 314880 bytes executable
    C:\WINDOWS\system32\wmpeffects.dll 295936 bytes executable
    C:\WINDOWS\system32\wmpencen.dll 1661440 bytes executable
    C:\WINDOWS\system32\WMPhoto.dll 276992 bytes executable
    C:\WINDOWS\system32\wmploc.dll 8292352 bytes executable
    C:\WINDOWS\system32\wmpmde.dll 613376 bytes executable
    C:\WINDOWS\system32\wmpns.dll 221184 bytes executable
    C:\WINDOWS\system32\wmpps.dll 130048 bytes executable
    C:\WINDOWS\system32\wmpscheme.xml 25065 bytes
    C:\WINDOWS\system32\wmpshell.dll 99840 bytes executable
    C:\WINDOWS\system32\wmpsrcwp.dll 204288 bytes executable
    C:\WINDOWS\system32\shimeng.dll 65536 bytes executable
    C:\WINDOWS\system32\shimgvw.dll 440320 bytes executable
    C:\WINDOWS\system32\shlwapi.dll 474624 bytes executable
    C:\WINDOWS\system32\shmedia.dll 153088 bytes executable
    C:\WINDOWS\system32\shmgrate.exe 42496 bytes executable
    C:\WINDOWS\system32\shrpubw.exe 78848 bytes executable
    C:\WINDOWS\system32\shscrap.dll 28160 bytes executable
    C:\WINDOWS\system32\shsvcs.dll 135168 bytes executable
    C:\WINDOWS\system32\shutdown.exe 20480 bytes executable
    C:\WINDOWS\system32\sigtab.dll 13824 bytes executable
    C:\WINDOWS\system32\sigverif.exe 71168 bytes executable
    C:\WINDOWS\system32\simpdata.tlb 16384 bytes executable
    C:\WINDOWS\system32\sirenacm.dll 51568 bytes executable
    C:\WINDOWS\system32\sisbkup.dll 13824 bytes executable
    C:\WINDOWS\system32\Skbase40.dll 83968 bytes executable
    C:\WINDOWS\system32\skdll.dll 5632 bytes executable
    C:\WINDOWS\system32\skeys.exe 26112 bytes executable
    C:\WINDOWS\system32\skjpeg40.dll 217088 bytes executable
    C:\WINDOWS\system32\slayerxp.dll 25600 bytes executable
    C:\WINDOWS\system32\slbcsp.dll 306176 bytes executable
    C:\WINDOWS\system32\slbiop.dll 98304 bytes executable
    C:\WINDOWS\system32\crypt32.dll 604672 bytes executable
    C:\WINDOWS\system32\cryptdlg.dll 75776 bytes executable
    C:\WINDOWS\system32\cryptdll.dll 33280 bytes executable
    C:\WINDOWS\system32\cryptext.dll 54784 bytes executable
    C:\WINDOWS\system32\cryptnet.dll 63488 bytes executable
    C:\WINDOWS\system32\cryptsvc.dll 60416 bytes executable
    C:\WINDOWS\system32\cryptui.dll 530432 bytes executable
    C:\WINDOWS\system32\cscdll.dll 102912 bytes executable
    C:\WINDOWS\system32\cscript.exe 98304 bytes executable
    C:\WINDOWS\system32\cscui.dll 337920 bytes executable
    C:\WINDOWS\system32\csrsrv.dll 32768 bytes executable
    C:\WINDOWS\system32\csrss.exe 6144 bytes executable
    C:\WINDOWS\system32\csseqchk.dll 73728 bytes executable
    C:\WINDOWS\system32\ctfmon.exe 15360 bytes executable
    C:\WINDOWS\system32\ctl3d32.dll 27136 bytes executable
    C:\WINDOWS\system32\ctl3dv2.dll 27200 bytes
    C:\WINDOWS\system32\ctype.nls 8386 bytes
    C:\WINDOWS\system32\c_037.nls 66082 bytes
    C:\WINDOWS\system32\c_10000.nls 66082 bytes
    C:\WINDOWS\system32\c_10006.nls 66082 bytes
    C:\WINDOWS\system32\c_10007.nls 66082 bytes
    C:\WINDOWS\system32\c_10010.nls 66082 bytes
    C:\WINDOWS\system32\c_10017.nls 66082 bytes
    C:\WINDOWS\system32\c_10029.nls 66082 bytes
    C:\WINDOWS\system32\c_10079.nls 66082 bytes
    C:\WINDOWS\system32\c_10081.nls 66082 bytes
    C:\WINDOWS\system32\c_10082.nls 66082 bytes
    C:\WINDOWS\system32\c_1026.nls 66082 bytes
    C:\WINDOWS\system32\c_1250.nls 66082 bytes
    C:\WINDOWS\system32\c_1251.nls 66082 bytes
    C:\WINDOWS\system32\c_1252.nls 66082 bytes
    C:\WINDOWS\system32\c_1253.nls 66082 bytes
    C:\WINDOWS\system32\c_1254.nls 66082 bytes
    C:\WINDOWS\system32\c_1255.nls 66082 bytes
    C:\WINDOWS\system32\kbdit142.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdjpn.dll 8704 bytes executable
    C:\WINDOWS\system32\kbdkaz.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdkor.dll 8192 bytes executable
    C:\WINDOWS\system32\kbdkyr.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdla.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdlt.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdlt1.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdlv.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdlv1.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdmac.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdmaori.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdmlt47.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdmlt48.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdmon.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdne.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdnec.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdno.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdno1.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdpl.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdpl1.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdpo.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdro.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdru.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdru1.dll 5632 bytes executable
    C:\WINDOWS\system32\linkinfo.dll 19968 bytes executable
    C:\WINDOWS\system32\lmhsvc.dll 13824 bytes executable
    C:\WINDOWS\system32\lmrt.dll 399872 bytes executable
    C:\WINDOWS\system32\LMRTREND.dll 38160 bytes executable
    C:\WINDOWS\system32\lnkstub.exe 26624 bytes executable
    C:\WINDOWS\system32\loadfix.com 1187 bytes
    C:\WINDOWS\system32\loadperf.dll 100352 bytes executable
    C:\WINDOWS\system32\locale.nls 249270 bytes
    C:\WINDOWS\system32\localsec.dll 228352 bytes executable
    C:\WINDOWS\system32\localspl.dll 344576 bytes executable
    C:\WINDOWS\system32\localui.dll 11776 bytes executable
    C:\WINDOWS\system32\locator.exe 75264 bytes executable
    C:\WINDOWS\system32\lodctr.exe 5120 bytes executable
    C:\WINDOWS\system32\logagent.exe 100864 bytes executable
    C:\WINDOWS\system32\LogFiles
    C:\WINDOWS\system32\loghours.dll 50688 bytes executable
    C:\WINDOWS\system32\logman.exe 61952 bytes executable
    C:\WINDOWS\system32\logoff.exe 15872 bytes executable
    C:\WINDOWS\system32\logon.scr 221696 bytes executable
    C:\WINDOWS\system32\logonui.exe 515584 bytes executable
    C:\WINDOWS\system32\logonui.exe.manifest 488 bytes
    C:\WINDOWS\system32\lpk.dll 22016 bytes executable
    C:\WINDOWS\system32\lpq.exe 6144 bytes executable
    C:\WINDOWS\system32\msjdbc10.dll 21264 bytes executable
    C:\WINDOWS\system32\msjet40.dll 1507356 bytes executable
    C:\WINDOWS\system32\msjetoledb40.dll 358976 bytes executable
    C:\WINDOWS\system32\Msjint35.dll 123664 bytes executable
    C:\WINDOWS\system32\msjint40.dll 184351 bytes executable
    C:\WINDOWS\system32\msjter35.dll 24848 bytes executable
    C:\WINDOWS\system32\msjter40.dll 53279 bytes executable
    C:\WINDOWS\system32\msjtes40.dll 241693 bytes executable
    C:\WINDOWS\system32\mslbui.dll 25600 bytes executable
    C:\WINDOWS\system32\msls2.dll 91136 bytes executable
    C:\WINDOWS\system32\msls31.dll 156160 bytes executable
    C:\WINDOWS\system32\msltus35.dll 166160 bytes executable
    C:\WINDOWS\system32\msltus40.dll 213023 bytes executable
    C:\WINDOWS\system32\rastapi.dll 58880 bytes executable
    C:\WINDOWS\system32\rastls.dll 113152 bytes executable
    C:\WINDOWS\system32\RasX.dll 128712 bytes executable
    C:\WINDOWS\system32\RasX.ocx 112336 bytes executable
    C:\WINDOWS\system32\rcbdyctl.dll 103424 bytes executable
    C:\WINDOWS\system32\rcimlby.exe 35840 bytes executable
    C:\WINDOWS\system32\rcp.exe 23040 bytes executable
    C:\WINDOWS\system32\RCSigProc.dll 110592 bytes executable
    C:\WINDOWS\system32\rdchost.dll 147968 bytes executable
    C:\WINDOWS\system32\rdpcfgex.dll 4608 bytes executable
    C:\WINDOWS\system32\rdpclip.exe 62464 bytes executable
    C:\WINDOWS\system32\rdpdd.dll 92168 bytes executable
    C:\WINDOWS\system32\rdpsnd.dll 19968 bytes executable
    C:\WINDOWS\system32\rdpwsx.dll 87176 bytes executable
    C:\WINDOWS\system32\rdsaddin.exe 13824 bytes executable
    C:\WINDOWS\system32\rdshost.exe 67072 bytes executable
    C:\WINDOWS\system32\RealMediaSplitter.ax 356352 bytes executable
    C:\WINDOWS\system32\recover.exe 7168 bytes executable
    C:\WINDOWS\system32\RedEye.dll 54784 bytes executable
    C:\WINDOWS\system32\redir.exe 3352 bytes
    C:\WINDOWS\system32\reg.exe 53248 bytes executable
    C:\WINDOWS\system32\regapi.dll 49664 bytes executable
    C:\WINDOWS\system32\regedt32.exe 3584 bytes executable
    C:\WINDOWS\system32\regini.exe 33792 bytes executable
    C:\WINDOWS\system32\regsvc.dll 59904 bytes executable
    C:\WINDOWS\system32\regsvr32.exe 12288 bytes executable
    C:\WINDOWS\system32\regsvr32.log 0 bytes
    C:\WINDOWS\system32\qappsrv.exe 17408 bytes executable
    C:\WINDOWS\system32\quartz.vxd 5672 bytes
    C:\WINDOWS\system32\ras
    C:\WINDOWS\system32\rasser.dll 12800 bytes executable
    C:\WINDOWS\system32\regwiz.exe 4608 bytes executable
    C:\WINDOWS\system32\rmoc3260.dll 176167 bytes executable
    C:\WINDOWS\system32\rsvp.ini 15937 bytes
    C:\WINDOWS\system32\scrrnfr.dll 24626 bytes executable
    C:\WINDOWS\system32\serwvdrv.dll 14848 bytes executable
    C:\WINDOWS\system32\SET55.tmp 2463744 bytes executable
    C:\WINDOWS\system32\sethc.exe 32768 bytes executable
    C:\WINDOWS\system32\share.exe 882 bytes
    C:\WINDOWS\system32\shiftjis.uce 16740 bytes
    C:\WINDOWS\system32\slbrccsp.dll 16384 bytes executable
    C:\WINDOWS\system32\spnike.dll 69632 bytes executable
    C:\WINDOWS\system32\sqlwoa.dll 49179 bytes executable
    C:\WINDOWS\system32\stclient.dll 54272 bytes executable
    C:\WINDOWS\system32\query.dll 1440768 bytes executable
    C:\WINDOWS\system32\QuickTime
    C:\WINDOWS\system32\QuickTime.cpl 324608 bytes executable
    C:\WINDOWS\system32\QuickTime.qtp 50540 bytes
    C:\WINDOWS\system32\QuickTime.qts 6682112 bytes executable
    C:\WINDOWS\system32\QuickTimeCheck.ocx 70144 bytes executable
    C:\WINDOWS\system32\QuickTimeMusicalInstruments.qtx 2017280 bytes executable
    C:\WINDOWS\system32\QuickTimeVR.qtx 430592 bytes executable
    C:\WINDOWS\system32\qwinsta.exe 22528 bytes executable
    C:\WINDOWS\system32\racpldlg.dll 43520 bytes executable
    C:\WINDOWS\system32\srclient.dll 67584 bytes executable
    C:\WINDOWS\system32\srrstr.dll 241664 bytes executable
    C:\WINDOWS\system32\srsvc.dll 171008 bytes executable
    C:\WINDOWS\system32\srvsvc.dll 96768 bytes executable
    C:\WINDOWS\system32\ss3dfo.scr 708608 bytes executable
    C:\WINDOWS\system32\ssbezier.scr 19968 bytes executable
    C:\WINDOWS\system32\ssdpapi.dll 34816 bytes executable
    C:\WINDOWS\system32\ssdpsrv.dll 71680 bytes executable
    C:\WINDOWS\system32\ssflwbox.scr 393216 bytes executable
    C:\WINDOWS\system32\ssldivx.dll 200704 bytes executable
    C:\WINDOWS\system32\ssmarque.scr 20992 bytes executable
    C:\WINDOWS\system32\ssmypics.scr 47104 bytes executable
    C:\WINDOWS\system32\ssmyst.scr 18944 bytes executable
    C:\WINDOWS\system32\sspipes.scr 610304 bytes executable
    C:\WINDOWS\system32\ssstars.scr 14336 bytes executable
    C:\WINDOWS\system32\sstext3d.scr 684032 bytes executable
    C:\WINDOWS\system32\initpki.dll 147456 bytes executable
    C:\WINDOWS\system32\input.dll 126464 bytes executable
    C:\WINDOWS\system32\inseng.dll 92672 bytes executable
    C:\WINDOWS\system32\Installer.log 971 bytes
    C:\WINDOWS\system32\instcat.sql 956990 bytes
    C:\WINDOWS\system32\InstMed.exe 53248 bytes executable
    C:\WINDOWS\system32\internat.exe 40400 bytes executable
    C:\WINDOWS\system32\internat.win 40400 bytes executable
    C:\WINDOWS\system32\intl.cpl 134144 bytes executable
    C:\WINDOWS\system32\iologmsg.dll 39936 bytes executable
    C:\WINDOWS\system32\ipconf.tsp 17408 bytes executable
    C:\WINDOWS\system32\ipconfig.exe 58368 bytes executable
    C:\WINDOWS\system32\iphlpapi.dll 95744 bytes executable
    C:\WINDOWS\system32\ipmontr.dll 167424 bytes executable
    C:\WINDOWS\system32\ipnathlp.dll 332800 bytes executable
    C:\WINDOWS\system32\ippromon.dll 355840 bytes executable
    C:\WINDOWS\system32\iprop.dll 3584 bytes executable
    C:\WINDOWS\system32\iprtprio.dll 4096 bytes executable
    C:\WINDOWS\system32\iprtrmgr.dll 169984 bytes executable
    C:\WINDOWS\system32\ipsec6.exe 46080 bytes executable
    C:\WINDOWS\system32\ipsecsnp.dll 361472 bytes executable
    C:\WINDOWS\system32\ipsecsvc.dll 184320 bytes executable
    C:\WINDOWS\system32\ipsink.ax 16384 bytes executable
    C:\WINDOWS\system32\ipsmsnap.dll 388096 bytes executable
    C:\WINDOWS\system32\ipv6.exe 53760 bytes executable
    C:\WINDOWS\system32\ipv6mon.dll 59904 bytes executable
    C:\WINDOWS\system32\jgaw400.dll 44544 bytes executable
    C:\WINDOWS\system32\jgdw400.dll 163840 bytes executable
    C:\WINDOWS\system32\jgmd400.dll 35840 bytes executable
    C:\WINDOWS\system32\jgpl400.dll 27648 bytes executable
    C:\WINDOWS\system32\jgsd400.dll 45568 bytes executable
    C:\WINDOWS\system32\jgsh400.dll 65536 bytes executable
    C:\WINDOWS\system32\jit.dll 171280 bytes executable
    C:\WINDOWS\system32\jobexec.dll 49488 bytes executable
    C:\WINDOWS\system32\msdtcprf.ini 3914 bytes
    C:\WINDOWS\system32\msdtcprx.dll 426496 bytes executable
    C:\WINDOWS\system32\msdtctm.dll 956416 bytes executable
    C:\WINDOWS\system32\msdtcuiu.dll 161280 bytes executable
    C:\WINDOWS\system32\msdvbnp.ax 56832 bytes executable
    C:\WINDOWS\system32\msdxm.ocx 848922 bytes executable
    C:\WINDOWS\system32\msdxmlc.dll 4126 bytes executable
    C:\WINDOWS\system32\msencode.dll 94282 bytes executable
    C:\WINDOWS\system32\msexch40.dll 512029 bytes executable
    C:\WINDOWS\system32\msexcl35.dll 250128 bytes executable
    C:\WINDOWS\system32\msexcl40.dll 319517 bytes executable
    C:\WINDOWS\system32\msfeeds.dll 459264 bytes executable
    C:\WINDOWS\system32\msfeedsbs.dll 52224 bytes executable
    C:\WINDOWS\system32\msfeedssync.exe 12288 bytes executable
    C:\WINDOWS\system32\msftedit.dll 539136 bytes executable
    C:\WINDOWS\system32\msg.exe 22528 bytes executable
    C:\WINDOWS\system32\msg711.acm 9216 bytes executable
    C:\WINDOWS\system32\msg723.acm 118784 bytes executable
    C:\WINDOWS\system32\msgina.dll 1004032 bytes executable
    C:\WINDOWS\system32\MsgPlusLoader.dll 58952 bytes executable
    C:\WINDOWS\system32\msgsm32.acm 19968 bytes executable
    C:\WINDOWS\system32\msgsvc.dll 33792 bytes executable
    C:\WINDOWS\system32\msh261.drv 188416 bytes executable
    C:\WINDOWS\system32\msh263.drv 294912 bytes executable
    C:\WINDOWS\system32\savedump.exe 13824 bytes executable
    C:\WINDOWS\system32\sbe.dll 270848 bytes executable
    C:\WINDOWS\system32\sbeio.dll 159232 bytes executable
    C:\WINDOWS\system32\sc.exe 31232 bytes executable
    C:\WINDOWS\system32\scarddlg.dll 71168 bytes executable
    C:\WINDOWS\system32\scardssp.dll 118784 bytes executable
    C:\WINDOWS\system32\scardsvr.exe 100352 bytes executable
    C:\WINDOWS\system32\sccbase.dll 169984 bytes executable
    C:\WINDOWS\system32\sccsccp.dll 171520 bytes executable
    C:\WINDOWS\system32\SCD32.dll 121344 bytes executable
    C:\WINDOWS\system32\scecli.dll 186368 bytes executable
    C:\WINDOWS\system32\scesrv.dll 328704 bytes executable
    C:\WINDOWS\system32\Scg726.acm 13239 bytes executable
    C:\WINDOWS\system32\schannel.dll 144896 bytes executable
    C:\WINDOWS\system32\schedsvc.dll 193024 bytes executable
    C:\WINDOWS\system32\sclgntfy.dll 22016 bytes executable
    C:\WINDOWS\system32\scofr.dll 24624 bytes executable
    C:\WINDOWS\system32\scredir.dll 26624 bytes executable
    C:\WINDOWS\system32\scripto.dll 57856 bytes executable
    C:\WINDOWS\system32\scrnsave.scr 9216 bytes executable
    C:\WINDOWS\system32\scrobj.dll 159744 bytes executable
    C:\WINDOWS\system32\wshom.ocx 98304 bytes executable
    C:\WINDOWS\system32\wshrm.dll 11776 bytes executable
    C:\WINDOWS\system32\wshtcpip.dll 19968 bytes executable
    C:\WINDOWS\system32\wsnmp32.dll 42496 bytes executable
    C:\WINDOWS\system32\wsock32.dll 25088 bytes executable
    C:\WINDOWS\system32\wstdecod.dll 51200 bytes executable
    C:\WINDOWS\system32\wtsapi32.dll 18432 bytes executable
    C:\WINDOWS\system32\wuapi.dll 549720 bytes executable
    C:\WINDOWS\system32\wuapi.dll.mui 30040 bytes executable
    C:\WINDOWS\system32\wuauclt.exe 53080 bytes executable
    C:\WINDOWS\system32\wuauclt1.exe 175896 bytes executable
    C:\WINDOWS\system32\wuaucpl.cpl 216408 bytes executable
    C:\WINDOWS\system32\makecab.exe 85504 bytes executable
    C:\WINDOWS\system32\mapi32.dll 112128 bytes executable
    C:\WINDOWS\system32\mapistub.dll 112128 bytes executable
    C:\WINDOWS\system32\mapisvc.inf 620 bytes
    C:\WINDOWS\system32\mcafeepf.dll 36352 bytes executable
    C:\WINDOWS\system32\mcastmib.dll 14848 bytes executable
    C:\WINDOWS\system32\mcd32.dll 10240 bytes executable
    C:\WINDOWS\system32\mcdsrv32.dll 10496 bytes executable
    C:\WINDOWS\system32\mcdvd_32.dll 261632 bytes executable
    C:\WINDOWS\system32\mchgrcoi.dll 4608 bytes executable
    C:\WINDOWS\system32\mciavi.drv 73680 bytes
    C:\WINDOWS\system32\mciavi32.dll 85504 bytes executable
    C:\WINDOWS\system32\pndx5016.dll 6656 bytes
    C:\WINDOWS\system32\pndx5032.dll 5632 bytes executable
    C:\WINDOWS\system32\pngfilt.dll 44544 bytes executable
    C:\WINDOWS\system32\pnrpnsp.dll 48640 bytes executable
    C:\WINDOWS\system32\polstore.dll 106496 bytes executable
    C:\WINDOWS\system32\nvtuicpl.cpl 143360 bytes executable
    C:\WINDOWS\system32\nvwddi.dll 45127 bytes executable
    C:\WINDOWS\system32\nvwrsar.dll 143360 bytes executable
    C:\WINDOWS\system32\nvwrscs.dll 159744 bytes executable
    C:\WINDOWS\system32\nvwrsda.dll 159744 bytes executable
    C:\WINDOWS\system32\nvwrsde.dll 176128 bytes executable
    C:\WINDOWS\system32\nvwrsel.dll 184320 bytes executable
    C:\WINDOWS\system32\nvwrseng.dll 147456 bytes executable
    C:\WINDOWS\system32\nvwrses.dll 176128 bytes executable
    C:\WINDOWS\system32\nvwrsesm.dll 147456 bytes executable
    C:\WINDOWS\system32\nvwrsfi.dll 163840 bytes executable
    C:\WINDOWS\system32\nvwrsfr.dll 172032 bytes executable
    C:\WINDOWS\system32\nvwrshe.dll 139264 bytes executable
    C:\WINDOWS\system32\nvwrshu.dll 167936 bytes executable
    C:\WINDOWS\system32\nvwrsit.dll 172032 bytes executable
    C:\WINDOWS\system32\nvwrsja.dll 106496 bytes executable
    C:\WINDOWS\system32\nvwrsko.dll 102400 bytes executable
    C:\WINDOWS\system32\nvwrsnl.dll 167936 bytes executable
    C:\WINDOWS\system32\nvwrspl.dll 163840 bytes executable
    C:\WINDOWS\system32\nvwrspt.dll 176128 bytes executable
    C:\WINDOWS\system32\nvwrsptb.dll 172032 bytes executable
    C:\WINDOWS\system32\nvwrsru.dll 176128 bytes executable
    C:\WINDOWS\system32\nvwrssk.dll 167936 bytes executable
    C:\WINDOWS\system32\nvwrssl.dll 155648 bytes executable
    C:\WINDOWS\system32\nvwrssv.dll 159744 bytes executable
    C:\WINDOWS\system32\nvwrstr.dll 163840 bytes executable
    C:\WINDOWS\system32\nvwrszhc.dll 86016 bytes executable
    C:\WINDOWS\system32\nvwrszht.dll 86016 bytes executable
    C:\WINDOWS\system32\nwc.cpl.manifest 749 bytes
    C:\WINDOWS\system32\nwiz.exe 323584 bytes executable
    C:\WINDOWS\system32\nwprovau.dll 145920 bytes executable
    C:\WINDOWS\system32\oakley.dll 267776 bytes executable
    C:\WINDOWS\system32\objsel.dll 288768 bytes executable
    C:\WINDOWS\system32\occache.dll 102400 bytes executable
    C:\WINDOWS\system32\ochlp30e.dll 37888 bytes executable
    C:\WINDOWS\system32\ocmanage.dll 62976 bytes executable
    C:\WINDOWS\system32\nvrsesm.dll 282624 bytes executable
    C:\WINDOWS\system32\nvrsfi.dll 258048 bytes executable
    C:\WINDOWS\system32\nvrsfr.dll 278528 bytes executable
    C:\WINDOWS\system32\nvrshe.dll 2859008 bytes executable
    C:\WINDOWS\system32\nvrshu.dll 262144 bytes executable
    C:\WINDOWS\system32\nvrsit.dll 278528 bytes executable
    C:\WINDOWS\system32\nvrsja.dll 3485696 bytes executable
    C:\WINDOWS\system32\nvrsko.dll 3481600 bytes executable
    C:\WINDOWS\system32\nvrsnl.dll 274432 bytes executable
    C:\WINDOWS\system32\nvrsno.dll 266240 bytes executable
    C:\WINDOWS\system32\nvrspl.dll 262144 bytes executable
    C:\WINDOWS\system32\nvrspt.dll 270336 bytes executable
    C:\WINDOWS\system32\nvrsptb.dll 274432 bytes executable
    C:\WINDOWS\system32\nvrsru.dll 270336 bytes executable
    C:\WINDOWS\system32\nvrssk.dll 262144 bytes executable
    C:\WINDOWS\system32\nvrssl.dll 270336 bytes executable
    C:\WINDOWS\system32\nvrssv.dll 266240 bytes executable
    C:\WINDOWS\system32\nvrstr.dll 270336 bytes executable
    C:\WINDOWS\system32\nvrszhc.dll 221184 bytes executable
    C:\WINDOWS\system32\nvrszht.dll 221184 bytes executable
    C:\WINDOWS\system32\nvshell.dll 471112 bytes executable
    C:\WINDOWS\system32\perfctrs.dll 42496 bytes executable
    C:\WINDOWS\system32\perfd009.dat 28626 bytes
    C:\WINDOWS\system32\perfd00C.dat 34108 bytes
    C:\WINDOWS\system32\perfdisk.dll 27136 bytes executable
    C:\WINDOWS\system32\perffilt.h 140 bytes
    C:\WINDOWS\system32\perffilt.ini 1293 bytes
    C:\WINDOWS\system32\perfh009.dat 394078 bytes
    C:\WINDOWS\system32\perfh00C.dat 460232 bytes
    C:\WINDOWS\system32\perfi009.dat 272128 bytes
    C:\WINDOWS\system32\perfi00C.dat 322810 bytes
    C:\WINDOWS\system32\Perfil
    C:\WINDOWS\system32\perfmon.exe 15872 bytes executable
    C:\WINDOWS\system32\perfmon.msc 57862 bytes
    C:\WINDOWS\system32\perfnet.dll 17408 bytes executable
    C:\WINDOWS\system32\perfos.dll 26624 bytes executable
    C:\WINDOWS\system32\perfproc.dll 35840 bytes executable
    C:\WINDOWS\system32\PerfStringBackup.INI 994632 bytes
    C:\WINDOWS\system32\vidcap.ax 28672 bytes executable
    C:\WINDOWS\system32\vidccleaner.exe 8704 bytes executable
    C:\WINDOWS\system32\vidx16.dll 10240 bytes
    C:\WINDOWS\system32\VisualSoftCrypt.dll 275968 bytes executable
    C:\WINDOWS\system32\vjoy.dll 4608 bytes executable
    C:\WINDOWS\system32\vmhelper.dll 286992 bytes executable
    C:\WINDOWS\system32\vmtalk_fr.dll 40960 bytes executable
    C:\WINDOWS\system32\vp6vfw.dll 442368 bytes executable
    C:\WINDOWS\system32\Vsflex7L.ocx 419488 bytes executable
    C:\WINDOWS\system32\vssadmin.exe 34304 bytes executable
    C:\WINDOWS\system32\vssapi.dll 430592 bytes executable
    C:\WINDOWS\system32\vssvc.exe 295424 bytes executable
    C:\WINDOWS\system32\vss_ps.dll 16896 bytes executable
    C:\WINDOWS\system32\vxblock.dll 28672 bytes executable
    C:\WINDOWS\system32\w32time.dll 177664 bytes executable
    C:\WINDOWS\system32\w32tm.exe 51712 bytes executable
    C:\WINDOWS\system32\w32topl.dll 22016 bytes executable
    C:\WINDOWS\system32\w3ssl.dll 15872 bytes executable
    C:\WINDOWS\system32\w95inf16.dll 2272 bytes
    C:\WINDOWS\system32\w95inf32.dll 4608 bytes executable
    C:\WINDOWS\system32\watchdog.sys 17664 bytes executable
    C:\WINDOWS\system32\wavemsp.dll 208896 bytes executable
    C:\WINDOWS\system32\qasf.dll 201728 bytes executable
    C:\WINDOWS\system32\qcap.dll 192512 bytes executable
    C:\WINDOWS\system32\QCUI2.dll 466944 bytes executable
    C:\WINDOWS\system32\qcut.dll 194320 bytes executable
    C:\WINDOWS\system32\qdv.dll 279040 bytes executable
    C:\WINDOWS\system32\qdvd.dll 386048 bytes executable
    C:\WINDOWS\system32\qedit.dll 563200 bytes executable
    C:\WINDOWS\system32\qedwipes.dll 733696 bytes executable
    C:\WINDOWS\system32\qmgr.dll 382464 bytes executable
    C:\WINDOWS\system32\qmgrprxy.dll 18944 bytes executable
    C:\WINDOWS\system32\qosname.dll 8192 bytes executable
    C:\WINDOWS\system32\qprocess.exe 20992 bytes executable
    C:\WINDOWS\system32\qt-dx331.dll 3596288 bytes executable
    C:\WINDOWS\system32\qt-mt331.dll 3375104 bytes executable
    C:\WINDOWS\system32\qtplugin.log 3435 bytes
    C:\WINDOWS\system32\quartz.dll 1293824 bytes executable
    C:\WINDOWS\system32\fwcfg.dll 60416 bytes executable
    C:\WINDOWS\system32\fxsapi.dll 452096 bytes executable
    C:\WINDOWS\system32\fxscfgwz.dll 113664 bytes executable
    C:\WINDOWS\system32\fxsclnt.exe 143360 bytes executable
    C:\WINDOWS\system32\fxsclntR.dll 141312 bytes executable
    C:\WINDOWS\system32\fxscom.dll 72192 bytes executable
    C:\WINDOWS\system32\fxscomex.dll 285184 bytes executable
    C:\WINDOWS\system32\fxscount.h 1361 bytes
    C:\WINDOWS\system32\fxscover.exe 238592 bytes executable
    C:\WINDOWS\system32\fxsdrv.dll 27136 bytes executable
    C:\WINDOWS\system32\fxsevent.dll 66048 bytes executable
    C:\WINDOWS\system32\fxsext32.dll 23552 bytes executable
    C:\WINDOWS\system32\fxsmon.dll 24064 bytes executable
    C:\WINDOWS\system32\fxsperf.dll 8704 bytes executable
    C:\WINDOWS\system32\fxsperf.ini 3712 bytes
    C:\WINDOWS\system32\fxsres.dll 7168 bytes executable
    C:\WINDOWS\system32\fxsroute.dll 31744 bytes executable
    C:\WINDOWS\system32\edit.com 71102 bytes
    C:\WINDOWS\system32\edit.hlp 13781 bytes
    C:\WINDOWS\system32\edlin.exe 13010 bytes
    C:\WINDOWS\system32\ega.cpi 127213 bytes
    C:\WINDOWS\system32\ehETW.dll 11264 bytes executable
    C:\WINDOWS\system32\els.dll 187392 bytes executable
    C:\WINDOWS\system32\embedded
    C:\WINDOWS\system32\emptyregdb.dat 21892 bytes
    C:\WINDOWS\system32\encapi.dll 20480 bytes executable
    C:\WINDOWS\system32\encdec.dll 186368 bytes executable
    C:\WINDOWS\system32\wmpui.dll 20480 bytes executable
    C:\WINDOWS\system32\wmsdmod.dll 4096 bytes executable
    C:\WINDOWS\system32\wmsdmoe.dll 115200 bytes executable
    C:\WINDOWS\system32\wmsdmoe2.dll 4096 bytes executable
    C:\WINDOWS\system32\WMSPDMOD.dll 603648 bytes executable
    C:\WINDOWS\system32\WMSPDMOE.dll 1329152 bytes executable
    C:\WINDOWS\system32\wmstream.dll 303616 bytes executable
    C:\WINDOWS\system32\wmv8dmod.dll 311327 bytes executable
    C:\WINDOWS\system32\wmv8dmoe.dll 466944 bytes executable
    C:\WINDOWS\system32\wmv8ds32.ax 278559 bytes executable
    C:\WINDOWS\system32\wmv9dmod.dll 815760 bytes executable
    C:\WINDOWS\system32\WMVADVD.dll 4096 bytes executable
    C:\WINDOWS\system32\WMVADVE.DLL 4096 bytes executable
    C:\WINDOWS\system32\wmvcore.dll 2450944 bytes executable
    C:\WINDOWS\system32\wmvcore2.dll 1677312 bytes executable
    C:\WINDOWS\system32\wmvdecod.dll 1543680 bytes executable
    C:\WINDOWS\system32\wmvdmod.dll 4096 bytes executable
    C:\WINDOWS\system32\wmvdmoe.dll 446464 bytes executable
    C:\WINDOWS\system32\wmvdmoe2.dll 4096 bytes executable
    C:\WINDOWS\system32\wmvds32.ax 258048 bytes executable
    C:\WINDOWS\system32\WMVENCOD.dll 1574912 bytes executable
    C:\WINDOWS\system32\WMVSDECD.dll 1382912 bytes executable
    C:\WINDOWS\system32\WMVSENCD.dll 767488 bytes executable
    C:\WINDOWS\system32\WMVXENCD.dll 656896 bytes executable
    C:\WINDOWS\system32\wow32.dll 265216 bytes executable
    C:\WINDOWS\system32\wowdeb.exe 2736 bytes
    C:\WINDOWS\system32\wowexec.exe 10608 bytes
    C:\WINDOWS\system32\wowfax.dll 3200 bytes executable
    C:\WINDOWS\system32\langwrbk.dll 89600 bytes executable
    C:\WINDOWS\system32\lanman.drv 224448 bytes
    C:\WINDOWS\system32\LAPRXY.dll 11264 bytes executable
    C:\WINDOWS\system32\LCamCpl.dll 462848 bytes executable
    C:\WINDOWS\system32\LegitCheckControl.dll 1468968 bytes executable
    C:\WINDOWS\system32\lfbmp11n.dll 36864 bytes executable
    C:\WINDOWS\system32\LFBMP12N.DLL 30720 bytes executable
    C:\WINDOWS\system32\lfbmp13n.dll 57344 bytes executable
    C:\WINDOWS\system32\LFCMP11n.DLL 285184 bytes executable
    C:\WINDOWS\system32\LFCMP12N.DLL 358912 bytes executable
    C:\WINDOWS\system32\lfcmp13n.dll 401408 bytes executable
    C:\WINDOWS\system32\lfeps11n.dll 31232 bytes executable
    C:\WINDOWS\system32\lffax11n.dll 81408 bytes executable
    C:\WINDOWS\system32\LFFAX12N.DLL 73728 bytes executable
    C:\WINDOWS\system32\wuweb.dll 203096 bytes executable
    C:\WINDOWS\system32\wzcdlg.dll 378880 bytes executable
    C:\WINDOWS\system32\wzcsapi.dll 51712 bytes executable
    C:\WINDOWS\system32\wzcsvc.dll 359936 bytes executable
    C:\WINDOWS\system32\xactsrv.dll 91648 bytes executable
    C:\WINDOWS\system32\xcopy.exe 30720 bytes executable
    C:\WINDOWS\system32\xenroll.dll 177784 bytes executable
    C:\WINDOWS\system32\t2embed.dll 118272 bytes executable
    C:\WINDOWS\system32\TABCTL32.OCX 209608 bytes executable
    C:\WINDOWS\system32\tapi.dll 19200 bytes
    C:\WINDOWS\system32\tapi3.dll 860160 bytes executable
    C:\WINDOWS\system32\tapi32.dll 181760 bytes executable
    C:\WINDOWS\system32\tapiperf.dll 5632 bytes executable
    C:\WINDOWS\system32\tapisrv.dll 249344 bytes executable
    C:\WINDOWS\system32\tapiui.dll 87040 bytes executable
    C:\WINDOWS\system32\nddeapi.dll 18432 bytes executable
    C:\WINDOWS\system32\nddeapir.exe 4096 bytes executable
    C:\WINDOWS\system32\nddenb32.dll 19456 bytes executable
    C:\WINDOWS\system32\ndptsp.tsp 57344 bytes executable
    C:\WINDOWS\system32\NeroCheck.exe 155648 bytes executable
    C:\WINDOWS\system32\net.exe 42496 bytes executable
    C:\WINDOWS\system32\net.hlp 121876 bytes
    C:\WINDOWS\system32\net1.exe 124928 bytes executable
    C:\WINDOWS\system32\netapi.dll 108512 bytes
    C:\WINDOWS\system32\netapi32.dll 332288 bytes executable
    C:\WINDOWS\system32\netcfgx.dll 633856 bytes executable
    C:\WINDOWS\system32\netdde.exe 114176 bytes executable
    C:\WINDOWS\system32\netevent.dll 251392 bytes executable
    C:\WINDOWS\system32\netfxperf.dll 32768 bytes executable
    C:\WINDOWS\system32\RNAPH.DLL 9728 bytes executable
    C:\WINDOWS\system32\rnr20.dll 3072 bytes executable
    C:\WINDOWS\system32\route.exe 21504 bytes executable
    C:\WINDOWS\system32\routemon.exe 25600 bytes executable
    C:\WINDOWS\system32\routetab.dll 6656 bytes executable
    C:\WINDOWS\system32\rpcns4.dll 22016 bytes executable
    C:\WINDOWS\system32\rpcrt4.dll 582656 bytes executable
    C:\WINDOWS\system32\rpcss.dll 397824 bytes executable
    C:\WINDOWS\system32\rsaci.rat 3271 bytes
    C:\WINDOWS\system32\rsaenh.dll 152576 bytes executable
    C:\WINDOWS\system32\rsh.exe 15872 bytes executable
    C:\WINDOWS\system32\rshx32.dll 40960 bytes executable
    C:\WINDOWS\system32\rsm.exe 53248 bytes executable
    C:\WINDOWS\system32\rsmps.dll 18944 bytes executable
    C:\WINDOWS\system32\rsmsink.exe 24576 bytes executable
    C:\WINDOWS\system32\rsmui.exe 49664 bytes executable
    C:\WINDOWS\system32\rsvp.exe 132608 bytes executable
    C:\WINDOWS\system32\Twvmhk.dll 32768 bytes executable
    C:\WINDOWS\system32\twvmoe.dll 143449 bytes executable
    C:\WINDOWS\system32\twvmoe_fr.dll 36864 bytes executable
    C:\WINDOWS\system32\txflog.dll 101376 bytes executable
    C:\WINDOWS\system32\typelib.dll 177856 bytes
    C:\WINDOWS\system32\tzchange.exe 60416 bytes executable
    C:\WINDOWS\system32\TZLog.log 386478 bytes
    C:\WINDOWS\system32\udhisapi.dll 25600 bytes executable
    C:\WINDOWS\system32\ufat.dll 82432 bytes executable
    C:\WINDOWS\system32\ulib.dll 311808 bytes executable
    C:\WINDOWS\system32\umandlg.dll 36864 bytes executable
    C:\WINDOWS\system32\dfrgsnap.dll 39424 bytes executable
    C:\WINDOWS\system32\dfrgui.dll 123904 bytes executable
    C:\WINDOWS\system32\dfshim.dll 83456 bytes executable
    C:\WINDOWS\system32\dfsshlex.dll 28672 bytes executable
    C:\WINDOWS\system32\dgnet.dll 115200 bytes executable
    C:\WINDOWS\system32\dgrpsetu.dll 176157 bytes executable
    C:\WINDOWS\system32\dgsetup.dll 86044 bytes executable
    C:\WINDOWS\system32\dhcp
    C:\WINDOWS\system32\dhcpcsvc.dll 112128 bytes executable
    C:\WINDOWS\system32\dhcpmon.dll 401408 bytes executable
    C:\WINDOWS\system32\dhcpsapi.dll 78848 bytes executable
    C:\WINDOWS\system32\diactfrm.dll 467968 bytes executable
    C:\WINDOWS\system32\dialogg.ocx 140288 bytes executable
    C:\WINDOWS\system32\diantz.exe 85504 bytes executable
    C:\WINDOWS\system32\DieuxDuStade.scr 966973 bytes executable
    C:\WINDOWS\system32\digest.dll 68608 bytes executable
    C:\WINDOWS\system32\dimap.dll 44032 bytes executable
    C:\WINDOWS\system32\dimm.dll 87376 bytes executable
    C:\WINDOWS\system32\dinput.dll 165376 bytes executable
    C:\WINDOWS\system32\dinput8.dll 187904 bytes executable
    C:\WINDOWS\system32\DirectX
    C:\WINDOWS\system32\diskcomp.com 9216 bytes executable
    C:\WINDOWS\system32\diskcopy.com 7168 bytes executable
    C:\WINDOWS\system32\diskcopy.dll 1502208 bytes executable
    C:\WINDOWS\system32\OEMLOGO.BMP 51654 bytes
    C:\WINDOWS\system32\offfilt.dll 192000 bytes executable
    C:\WINDOWS\system32\ole2.dll 39744 bytes
    C:\WINDOWS\system32\ole2disp.dll 169520 bytes
    C:\WINDOWS\system32\ole2nls.dll 153008 bytes
    C:\WINDOWS\system32\ole32.dll 1284608 bytes executable
    C:\WINDOWS\system32\oleacc.dll 163328 bytes executable
    C:\WINDOWS\system32\oleaccrc.dll 18944 bytes executable
    C:\WINDOWS\system32\oleaut32.dll 549376 bytes executable
    C:\WINDOWS\system32\olecli.dll 83456 bytes
    C:\WINDOWS\system32\olecli32.dll 75264 bytes executable
    C:\WINDOWS\system32\olecnv32.dll 37888 bytes executable
    C:\WINDOWS\system32\oledlg.dll 124928 bytes executable
    C:\WINDOWS\system32\oleprn.dll 110592 bytes executable
    C:\WINDOWS\system32\olepro32.dll 83456 bytes executable
    C:\WINDOWS\system32\olesvr.dll 24064 bytes
    C:\WINDOWS\system32\olesvr32.dll 22016 bytes executable
    C:\WINDOWS\system32\olethk32.dll 69120 bytes executable
    C:\WINDOWS\system32\davclnt.dll 25088 bytes executable
    C:\WINDOWS\system32\daxctle.ocx 153088 bytes executable
    C:\WINDOWS\system32\DBCLIENT.DLL 210032 bytes executable
    C:\WINDOWS\system32\dbgeng.dll 847872 bytes executable
    C:\WINDOWS\system32\dbghelp.dll 640000 bytes executable
    C:\WINDOWS\system32\dbmsadsn.dll 20480 bytes executable
    C:\WINDOWS\system32\dbmsrpcn.dll 24576 bytes executable
    C:\WINDOWS\system32\dbmsvinn.dLL 24576 bytes executable
    C:\WINDOWS\system32\dbnetlib.dll 110592 bytes executable
    C:\WINDOWS\system32\dbnmpntw.dll 28672 bytes executable
    C:\WINDOWS\system32\DC120V15_32.DLL 434176 bytes executable
    C:\WINDOWS\system32\DC265.DLL 230400 bytes executable
    C:\WINDOWS\system32\dcache.bin 1788 bytes
    C:\WINDOWS\system32\dciman32.dll 8704 bytes executable
    C:\WINDOWS\system32\dcomcnfg.exe 5120 bytes executable
    C:\WINDOWS\system32\dpu10.dll 294912 bytes executable
    C:\WINDOWS\system32\dpu11.dll 294912 bytes executable
    C:\WINDOWS\system32\dpufr.qm 8835 bytes
    C:\WINDOWS\system32\dpuGUI10.dll 53248 bytes executable
    C:\WINDOWS\system32\dpuGUI11.dll 593920 bytes executable
    C:\WINDOWS\system32\dpus10.dll 335872 bytes executable
    C:\WINDOWS\system32\dpus11.dll 344064 bytes executable
    C:\WINDOWS\system32\dpv10.dll 53248 bytes executable
    C:\WINDOWS\system32\dpv11.dll 57344 bytes executable
    C:\WINDOWS\system32\dpvacm.dll 21504 bytes executable
    C:\WINDOWS\system32\dpvoice.dll 213504 bytes executable
    C:\WINDOWS\system32\dpvsetup.exe 83456 bytes executable
    C:\WINDOWS\system32\dpvvox.dll 116736 bytes executable
    C:\WINDOWS\system32\dpwsock.dll 42768 bytes executable
    C:\WINDOWS\system32\dpwsockx.dll 57856 bytes executable
    C:\WINDOWS\system32\DRAGNKL1.dll 495616 bytes executable
    C:\WINDOWS\system32\drivers
    C:\WINDOWS\system32\drmclien.dll 253688 bytes executable
    C:\WINDOWS\system32\drmstor.dll 95232 bytes executable
    C:\WINDOWS\system32\drmupgds.exe 249856 bytes executable
    C:\WINDOWS\system32\drmv2clt.dll 991744 bytes executable
    C:\WINDOWS\system32\drprov.dll 14336 bytes executable
    C:\WINDOWS\system32\DRVSTORE
    C:\WINDOWS\system32\drwatson.exe 28400 bytes
    C:\WINDOWS\system32\unimdm.tsp 207872 bytes executable
    C:\WINDOWS\system32\unimdmat.dll 78848 bytes executable
    C:\WINDOWS\system32\Uninstall.ico 766 bytes
    C:\WINDOWS\system32\uniplat.dll 13824 bytes executable
    C:\WINDOWS\system32\unlodctr.exe 4096 bytes executable
    C:\WINDOWS\system32\untfs.dll 316416 bytes executable
    C:\WINDOWS\system32\UnzDll.dll 115200 bytes executable
    C:\WINDOWS\system32\upnp.dll 132608 bytes executable
    C:\WINDOWS\system32\upnpcont.exe 16896 bytes executable
    C:\WINDOWS\system32\upnphost.dll 185344 bytes executable
    C:\WINDOWS\system32\upnpui.dll 240128 bytes executable
    C:\WINDOWS\system32\ups.exe 18432 bytes executable
    C:\WINDOWS\system32\ureg.dll 17920 bytes executable
    C:\WINDOWS\system32\url.dll 105984 bytes executable
    C:\WINDOWS\system32\urlmon.dll 1159680 bytes executable
    C:\WINDOWS\system32\URTTemp
    C:\WINDOWS\system32\usbmon.dll 16896 bytes executable
    C:\WINDOWS\system32\usbui.dll 77312 bytes executable
    C:\WINDOWS\system32\user.exe 47872 bytes
    C:\WINDOWS\system32\user32.dll 578560 bytes executable
    C:\WINDOWS\system32\userenv.dll 731136 bytes executable
    C:\WINDOWS\system32\userinit.exe 25088 bytes executable
    C:\WINDOWS\system32\systray.exe 3072 bytes executable
    C:\WINDOWS\system32\taskman.exe 15872 bytes executable
    C:\WINDOWS\system32\tm20dec.ax 140800 bytes executable
    C:\WINDOWS\system32\tsbyuv.dll 8192 bytes executable
    C:\WINDOWS\system32\TwnLib20.dll 106496 bytes executable
    C:\WINDOWS\system32\umdmxfrm.dll 13312 bytes executable
    C:\WINDOWS\system32\lfgif13n.dll 69632 bytes executable
    C:\WINDOWS\system32\lfpcd11n.dll 26112 bytes executable
    C:\WINDOWS\system32\LFPCD12N.DLL 19968 bytes executable
    C:\WINDOWS\system32\LFPCT12N.DLL 60416 bytes executable
    C:\WINDOWS\system32\lfpcx11n.dll 33280 bytes executable
    C:\WINDOWS\system32\LFPCX12N.DLL 26112 bytes executable
    C:\WINDOWS\system32\Lfpng11n.dll 172032 bytes executable
    C:\WINDOWS\system32\LFPNG12N.DLL 181248 bytes executable
    C:\WINDOWS\system32\lfpsd11n.dll 56320 bytes executable
    C:\WINDOWS\system32\LFPSD12N.DLL 36864 bytes executable
    C:\WINDOWS\system32\lftga11n.dll 27648 bytes executable
    C:\WINDOWS\system32\lftif11n.dll 152064 bytes executable
    C:\WINDOWS\system32\LFTIF12N.DLL 141312 bytes executable
    C:\WINDOWS\system32\lfwmf11n.dll 59392 bytes executable
    C:\WINDOWS\system32\libdivx.dll 1044480 bytes executable
    C:\WINDOWS\system32\licdll.dll 424960 bytes executable
    C:\WINDOWS\system32\licmgr10.dll 40960 bytes executable
    C:\WINDOWS\system32\licwmi.dll 58880 bytes executable
    C:\WINDOWS\system32\hlink.dll 72704 bytes executable
    C:\WINDOWS\system32\hlp95en.dll 32256 bytes executable
    C:\WINDOWS\system32\hnetcfg.dll 347648 bytes executable
    C:\WINDOWS\system32\hnetmon.dll 15360 bytes executable
    C:\WINDOWS\system32\hnetwiz.dll 336384 bytes executable
    C:\WINDOWS\system32\homepage.inf 929 bytes
    C:\WINDOWS\system32\hostname.exe 8704 bytes executable
    C:\WINDOWS\system32\hotplug.dll 146944 bytes executable
    C:\WINDOWS\system32\hsfcisp2.dll 32285 bytes executable
    C:\WINDOWS\system32\hticons.dll 44544 bytes executable
    C:\WINDOWS\system32\html.iec 443904 bytes executable
    C:\WINDOWS\system32\httpapi.dll 24576 bytes executable
    C:\WINDOWS\system32\htui.dll 43008 bytes executable
    C:\WINDOWS\system32\hypertrm.dll 354304 bytes executable
    C:\WINDOWS\system32\iac25_32.ax 199680 bytes executable
    C:\WINDOWS\system32\Iacenc.dll 144384 bytes executable
    C:\WINDOWS\system32\msmask32.ocx 166600 bytes executable
    C:\WINDOWS\system32\msnetobj.dll 179712 bytes executable
    C:\WINDOWS\system32\msnsspc.dll 290816 bytes executable
    C:\WINDOWS\system32\msobjs.dll 37376 bytes executable
    C:\WINDOWS\system32\msoeacct.dll 252928 bytes executable
    C:\WINDOWS\system32\msoert2.dll 105984 bytes executable
    C:\WINDOWS\system32\msorc32r.dll 24576 bytes executable
    C:\WINDOWS\system32\msorcl32.dll 143360 bytes executable
    C:\WINDOWS\system32\mspaint.exe 347648 bytes executable
    C:\WINDOWS\system32\mspatcha.dll 30208 bytes executable
    C:\WINDOWS\system32\mspbde40.dll 348189 bytes executable
    C:\WINDOWS\system32\mspdox35.dll 250128 bytes executable
    C:\WINDOWS\system32\mspmsnsv.dll 27136 bytes executable
    C:\WINDOWS\system32\mspmsp.dll 175616 bytes executable
    C:\WINDOWS\system32\nmmkcert.dll 28672 bytes executable
    C:\WINDOWS\system32\noise.chs 1696 bytes
    C:\WINDOWS\system32\noise.cht 1696 bytes
    C:\WINDOWS\system32\noise.dat 741 bytes
    C:\WINDOWS\system32\noise.deu 149848 bytes
    C:\WINDOWS\system32\noise.eng 751 bytes
    C:\WINDOWS\system32\noise.enu 751 bytes
    C:\WINDOWS\system32\noise.esn 19684 bytes
    C:\WINDOWS\system32\noise.fra 49196 bytes
    C:\WINDOWS\system32\noise.ita 19618 bytes
    C:\WINDOWS\system32\noise.nld 13256 bytes
    C:\WINDOWS\system32\noise.sve 13730 bytes
    C:\WINDOWS\system32\noise.tha 697 bytes
    C:\WINDOWS\system32\normaliz.dll 23552 bytes executable
    C:\WINDOWS\system32\normidna.nls 59342 bytes
    C:\WINDOWS\system32\normnfc.nls 45794 bytes
    C:\WINDOWS\system32\normnfd.nls 39284 bytes
    C:\WINDOWS\system32\normnfkc.nls 66384 bytes
    C:\WINDOWS\system32\normnfkd.nls 60294 bytes
    C:\WINDOWS\system32\notepad.exe 70656 bytes executable
    C:\WINDOWS\system32\Npindeo.dll 151552 bytes executable
    C:\WINDOWS\system32\dmcpl.exe 1323008 bytes executable
    C:\WINDOWS\system32\dmdlgs.dll 273920 bytes executable
    C:\WINDOWS\system32\dmdskmgr.dll 200704 bytes executable
    C:\WINDOWS\system32\dmdskres.dll 134656 bytes executable
    C:\WINDOWS\system32\dmime.dll 181248 bytes executable
    C:\WINDOWS\system32\dmintf.dll 18432 bytes executable
    C:\WINDOWS\system32\dmloader.dll 35840 bytes executable
    C:\WINDOWS\system32\dmocx.dll 19456 bytes executable
    C:\WINDOWS\system32\dmremote.exe 15872 bytes executable
    C:\WINDOWS\system32\dmscript.dll 82432 bytes executable
    C:\WINDOWS\system32\dmserver.dll 24576 bytes executable
    C:\WINDOWS\system32\dmstyle.dll 105984 bytes executable
    C:\WINDOWS\system32\dmsynth.dll 103424 bytes executable
    C:\WINDOWS\system32\dmusic.dll 104448 bytes executable
    C:\WINDOWS\system32\dmutil.dll 58880 bytes executable
    C:\WINDOWS\system32\dmview.ocx 61440 bytes executable
    C:\WINDOWS\system32\dnsapi.dll 148480 bytes executable
    C:\WINDOWS\system32\dnsrslvr.dll 45568 bytes executable
    C:\WINDOWS\system32\kbdsg.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdsl.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdsl1.dll 6656 bytes executable
    C:\WINDOWS\system32\kbdsmsfi.dll 7680 bytes executable
    C:\WINDOWS\system32\kbdsmsno.dll 7680 bytes executable
    C:\WINDOWS\system32\kbdsp.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdsw.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdtat.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdtuf.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdtuq.dll 6144 bytes executable
    C:\WINDOWS\system32\kbduk.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdukx.dll 7168 bytes executable
    C:\WINDOWS\system32\kbdur.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdus.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdusl.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdusr.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdusx.dll 6144 bytes executable
    C:\WINDOWS\system32\kbduzb.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdycc.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdycl.dll 6656 bytes executable
    C:\WINDOWS\system32\kd1394.dll 7424 bytes executable
    C:\WINDOWS\system32\comm.drv 10544 bytes
    C:\WINDOWS\system32\command.com 52103 bytes
    C:\WINDOWS\system32\commdlg.dll 33904 bytes
    C:\WINDOWS\system32\comp.exe 15872 bytes executable
    C:\WINDOWS\system32\compact.exe 18432 bytes executable
    C:\WINDOWS\system32\compatui.dll 253440 bytes executable
    C:\WINDOWS\system32\compmgmt.msc 37357 bytes
    C:\WINDOWS\system32\compobj.dll 30160 bytes
    C:\WINDOWS\system32\compstui.dll 230912 bytes executable
    C:\WINDOWS\system32\comrepl.dll 97792 bytes executable
    C:\WINDOWS\system32\comres.dll 851968 bytes executable
    C:\WINDOWS\system32\comsnap.dll 147456 bytes executable
    C:\WINDOWS\system32\comsvcs.dll 1267200 bytes executable
    C:\WINDOWS\system32\comuid.dll 540160 bytes executable
    C:\WINDOWS\system32\dpserial.dll 54032 bytes executable
    C:\WINDOWS\system32\drwtsn32.exe 47104 bytes executable
    C:\WINDOWS\system32\dssec.dat 218003 bytes
    C:\WINDOWS\system32\dxdllreg.exe 46592 bytes executable
    C:\WINDOWS\system32\dzip32.dll 143360 bytes executable
    C:\WINDOWS\system32\EPPICLocal_SC.cfg 5436 bytes
    C:\WINDOWS\system32\EqnClass.Dll 103424 bytes executable
    C:\WINDOWS\system32\eventvwr.msc 56286 bytes
    C:\WINDOWS\system32\find.exe 9216 bytes executable
    C:\WINDOWS\system32\ftsrch.dll 177152 bytes executable
    C:\WINDOWS\system32\fxssend.exe 11776 bytes executable
    C:\WINDOWS\system32\gpkcsp.dll 101888 bytes executable
    C:\WINDOWS\system32\himem.sys 4912 bytes
    C:\WINDOWS\system32\ias
    C:\WINDOWS\system32\icwdial.dll 73728 bytes executable
    C:\WINDOWS\system32\ifsutil.dll 70656 bytes executable
    C:\WINDOWS\system32\infosoft.dll 450560 bytes executable
    C:\WINDOWS\system32\ipxmontr.dll 91648 bytes executable
    C:\WINDOWS\system32\isign32.dll 86016 bytes executable
    C:\WINDOWS\system32\jet500.dll 362496 bytes executable
    C:\WINDOWS\system32\joy.cpl 70144 bytes executable
    C:\WINDOWS\system32\jview.exe 172304 bytes executable
    C:\WINDOWS\system32\kbdbe.dll 6144 bytes executable
    C:\WINDOWS\system32\kbdit.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdsf.dll 6144 bytes executable
    C:\WINDOWS\system32\fxsst.dll 563712 bytes executable
    C:\WINDOWS\system32\fxssvc.exe 268800 bytes executable
    C:\WINDOWS\system32\fxst30.dll 246272 bytes executable
    C:\WINDOWS\system32\fxstiff.dll 397312 bytes executable
    C:\WINDOWS\system32\FxsTmp
    C:\WINDOWS\system32\fxsui.dll 156672 bytes executable
    C:\WINDOWS\system32\fxswzrd.dll 197120 bytes executable
    C:\WINDOWS\system32\fxsxp32.dll 400896 bytes executable
    C:\WINDOWS\system32\g711codc.ax 41472 bytes executable
    C:\WINDOWS\system32\gb2312.uce 24006 bytes
    C:\WINDOWS\system32\gcdef.dll 223232 bytes executable
    C:\WINDOWS\system32\gdi.exe 24576 bytes
    C:\WINDOWS\system32\gdi32.dll 282112 bytes executable
    C:\WINDOWS\system32\GdiPlus.dll 1700352 bytes executable
    C:\WINDOWS\system32\geo.nls 24772 bytes
    C:\WINDOWS\system32\getuname.dll 634880 bytes executable
    C:\WINDOWS\system32\GkSui18.EXE 69632 bytes executable
    C:\WINDOWS\system32\glmf32.dll 285184 bytes executable
    C:\WINDOWS\system32\glu32.dll 123904 bytes executable
    C:\WINDOWS\system32\mfc42loc.dll 57344 bytes executable
    C:\WINDOWS\system32\mfc42u.dll 981760 bytes executable
    C:\WINDOWS\system32\mfc70.dll 974848 bytes executable
    C:\WINDOWS\system32\mfc70fra.dll 61440 bytes executable
    C:\WINDOWS\system32\MFC71.dll 1060864 bytes executable
    C:\WINDOWS\system32\MFC71CHS.DLL 40960 bytes executable
    C:\WINDOWS\system32\MFC71CHT.DLL 45056 bytes executable
    C:\WINDOWS\system32\MFC71DEU.DLL 65536 bytes executable
    C:\WINDOWS\system32\MFC71ENU.DLL 57344 bytes executable
    C:\WINDOWS\system32\MFC71ESP.DLL 61440 bytes executable
    C:\WINDOWS\system32\MFC71FRA.DLL 61440 bytes executable
    C:\WINDOWS\system32\MFC71ITA.DLL 61440 bytes executable
    C:\WINDOWS\system32\MFC71JPN.DLL 49152 bytes executable
    C:\WINDOWS\system32\MFC71KOR.DLL 49152 bytes executable
    C:\WINDOWS\system32\MFC71u.dll 1047552 bytes executable
    C:\WINDOWS\system32\mfcans32.dll 133904 bytes executable
    C:\WINDOWS\system32\mfcsubs.dll 22528 bytes executable
    C:\WINDOWS\system32\mfcuia32.dll 5632 bytes executable
    C:\WINDOWS\system32\mfplat.dll 212992 bytes executable
    C:\WINDOWS\system32\mgmtapi.dll 14848 bytes executable
    C:\WINDOWS\system32\mib.bin 46258 bytes
    C:\WINDOWS\system32\Microsoft
    C:\WINDOWS\system32\ltimg13n.dll 450560 bytes executable
    C:\WINDOWS\system32\ltkrn11n.dll 392192 bytes executable
    C:\WINDOWS\system32\LTKRN12N.DLL 406016 bytes executable
    C:\WINDOWS\system32\ltkrn13n.dll 462848 bytes executable
    C:\WINDOWS\system32\ltocx12n.ocx 628736 bytes executable
    C:\WINDOWS\system32\ltscr12n.ocx 192512 bytes executable
    C:\WINDOWS\system32\Ltwvc11n.dll 716288 bytes executable
    C:\WINDOWS\system32\Ltwvc12n.dll 856064 bytes executable
    C:\WINDOWS\system32\lusrmgr.msc 41847 bytes
    C:\WINDOWS\system32\lvcodec2.dll 204800 bytes executable
    C:\WINDOWS\system32\lvcoinst.dll 106496 bytes executable
    C:\WINDOWS\system32\lvcoinst.ini 9255 bytes
    C:\WINDOWS\system32\lvcoinst.log 2101 bytes
    C:\WINDOWS\system32\LVCOMCX.dll 77824 bytes executable
    C:\WINDOWS\system32\LVCOMSX.EXE 221184 bytes executable
    C:\WINDOWS\system32\Lvkrn12n.dll 215552 bytes executable
    C:\WINDOWS\system32\LVMAENUM.dll 258048 bytes executable
    C:\WINDOWS\system32\LVUI2.dll 204800 bytes executable
    C:\WINDOWS\system32\LVUI2RC.dll 372736 bytes executable
    C:\WINDOWS\system32\LXCASUI.DLL 172544 bytes executable
    C:\WINDOWS\system32\lz32.dll 2560 bytes executable
    C:\WINDOWS\system32\lzexpand.dll 9936 bytes
    C:\WINDOWS\system32\l_except.nls 168 bytes
    C:\WINDOWS\system32\l_intl.nls 7046 bytes
    C:\WINDOWS\system32\Macromed
    C:\WINDOWS\system32\magnify.exe 73216 bytes executable
    C:\WINDOWS\system32\mag_hook.dll 8192 bytes executable
    C:\WINDOWS\system32\jscript.dll 491520 bytes executable
    C:\WINDOWS\system32\jsfr.dll 28719 bytes executable
    C:\WINDOWS\system32\jsproxy.dll 27648 bytes executable
    C:\WINDOWS\system32\jupdate-1.5.0_03-b07.log 3459 bytes
    C:\WINDOWS\system32\jupdate-1.5.0_06-b05.log 6846 bytes
    C:\WINDOWS\system32\jupdate-1.5.0_10-b03.log 8890 bytes
    C:\WINDOWS\system32\jupdate-1.5.0_11-b03.log 9601 bytes
    C:\WINDOWS\system32\jupdate-1.6.0_01-b06.log 4136 bytes
    C:\WINDOWS\system32\jupdate-1.6.0_02-b06.log 5071 bytes
    C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log 5532 bytes
    C:\WINDOWS\system32\slcoinst.dll 73832 bytes executable
    C:\WINDOWS\system32\slextspk.dll 286792 bytes executable
    C:\WINDOWS\system32\slgen.dll 188508 bytes executable
    C:\WINDOWS\system32\slrundll.exe 32866 bytes executable
    C:\WINDOWS\system32\slserv.exe 73796 bytes executable
    C:\WINDOWS\system32\sl_anet.acm 86016 bytes executable
    C:\WINDOWS\system32\smbinst.exe 8192 bytes executable
    C:\WINDOWS\system32\smlogcfg.dll 370688 bytes executable
    C:\WINDOWS\system32\smlogsvc.exe 93184 bytes executable
    C:\WINDOWS\system32\SMMSCRPT.DLL 48128 bytes executable
    C:\WINDOWS\system32\smss.exe 50688 bytes executable
    C:\WINDOWS\system32\sndrec32.exe 133120 bytes executable
    C:\WINDOWS\system32\sndvol32.exe 139264 bytes executable
    C:\WINDOWS\system32\snmpapi.dll 18944 bytes executable
    C:\WINDOWS\system32\snmpsnap.dll 184320 bytes executable
    C:\WINDOWS\system32\softpub.dll 5632 bytes executable
    C:\WINDOWS\system32\SoftwareDistribution
    9 Janvier 2008 20:56:32

    C:\WINDOWS\system32\sol.exe 57344 bytes executable
    C:\WINDOWS\system32\sort.exe 25088 bytes executable
    C:\WINDOWS\system32\sortkey.nls 262148 bytes
    C:\WINDOWS\system32\sorttbls.nls 22040 bytes
    C:\WINDOWS\system32\sound.drv 1744 bytes
    C:\WINDOWS\system32\spdwnwxp.exe 8192 bytes executable
    C:\WINDOWS\system32\spdwnwxp.log 35 bytes
    C:\WINDOWS\system32\spider.exe 539136 bytes executable
    C:\WINDOWS\system32\spmsg.dll 15664 bytes executable
    C:\WINDOWS\system32\usmt
    C:\WINDOWS\system32\v7vga.rom 18832 bytes
    C:\WINDOWS\system32\vga64k.dll 18176 bytes executable
    C:\WINDOWS\system32\wbcache.deu 65489 bytes
    C:\WINDOWS\system32\wfwnet.drv 13600 bytes
    C:\WINDOWS\system32\WindowsCodecs.dll 716288 bytes executable
    C:\WINDOWS\system32\wins
    C:\WINDOWS\system32\wmerrFRA.dll 60928 bytes executable
    C:\WINDOWS\system32\wmpstub.exe 77824 bytes executable
    C:\WINDOWS\system32\wowfaxui.dll 14336 bytes executable
    C:\WINDOWS\system32\wshnetbs.dll 7168 bytes executable
    C:\WINDOWS\system32\wuaucpl.cpl.manifest 749 bytes
    C:\WINDOWS\system32\wups2.dll 43352 bytes executable
    C:\WINDOWS\system32\xircom
    C:\WINDOWS\system32\docprop.dll 47616 bytes executable
    C:\WINDOWS\system32\kdcom.dll 7040 bytes executable
    C:\WINDOWS\system32\prodspec.ini 367 bytes
    C:\WINDOWS\system32\subst.exe 9216 bytes executable
    C:\WINDOWS\system32\unicows.dll 245408 bytes executable
    C:\WINDOWS\system32\sessmgr.exe 142336 bytes executable
    C:\WINDOWS\system32\SET20B.tmp 212992 bytes executable
    C:\WINDOWS\system32\SET213.tmp 211456 bytes executable
    C:\WINDOWS\system32\SET214.tmp 757248 bytes executable
    C:\WINDOWS\system32\SET216.tmp 222208 bytes executable
    C:\WINDOWS\system32\SET222.tmp 2450944 bytes executable
    C:\WINDOWS\system32\SET223.tmp 1543680 bytes executable
    C:\WINDOWS\system32\SET233.tmp 284160 bytes executable
    C:\WINDOWS\system32\SET235.tmp 166912 bytes executable
    C:\WINDOWS\system32\SET244.tmp 133632 bytes executable
    C:\WINDOWS\system32\SET25F.tmp 10834432 bytes executable
    C:\WINDOWS\system32\SET261.tmp 314880 bytes executable
    C:\WINDOWS\system32\SET262.tmp 242688 bytes executable
    C:\WINDOWS\system32\SET263.tmp 99840 bytes executable
    C:\WINDOWS\system32\SET264.tmp 8292352 bytes executable
    C:\WINDOWS\system32\SET47.tmp 221696 bytes executable
    C:\WINDOWS\system32\icwphbk.dll 65536 bytes executable
    C:\WINDOWS\system32\ideograf.uce 60458 bytes
    C:\WINDOWS\system32\idndl.dll 26112 bytes executable
    C:\WINDOWS\system32\idq.dll 121856 bytes executable
    C:\WINDOWS\system32\ie4uinit.exe 70656 bytes executable
    C:\WINDOWS\system32\IE7Eula.rtf 92431 bytes
    C:\WINDOWS\system32\ieakeng.dll 153088 bytes executable
    C:\WINDOWS\system32\ieaksie.dll 230400 bytes executable
    C:\WINDOWS\system32\ieakui.dll 161792 bytes executable
    C:\WINDOWS\system32\ieapfltr.dat 2455488 bytes executable
    C:\WINDOWS\system32\ieapfltr.dll 383488 bytes executable
    C:\WINDOWS\system32\iedkcs32.dll 384512 bytes executable
    C:\WINDOWS\system32\ieencode.dll 78336 bytes executable
    C:\WINDOWS\system32\ieframe.dll 6065664 bytes executable
    C:\WINDOWS\system32\ieframe.dll.mui 1048576 bytes executable
    C:\WINDOWS\system32\iepeers.dll 191488 bytes executable
    C:\WINDOWS\system32\iernonce.dll 44544 bytes executable
    C:\WINDOWS\system32\iertutil.dll 267776 bytes executable
    C:\WINDOWS\system32\iesetup.dll 55296 bytes executable
    C:\WINDOWS\system32\ieudinit.exe 13824 bytes executable
    C:\WINDOWS\system32\ieui.dll 180736 bytes executable
    C:\WINDOWS\system32\ieuinit.inf 56483 bytes
    C:\WINDOWS\system32\iexpress.exe 114688 bytes executable
    C:\WINDOWS\system32\ifmon.dll 142848 bytes executable
    C:\WINDOWS\system32\isrdbg32.dll 32768 bytes executable
    C:\WINDOWS\system32\ITIG726.acm 29795 bytes executable
    C:\WINDOWS\system32\itircl.dll 155136 bytes executable
    C:\WINDOWS\system32\itss.dll 137216 bytes executable
    C:\WINDOWS\system32\iuengine.dll 198424 bytes executable
    C:\WINDOWS\system32\ivfsrc.ax 154624 bytes executable
    C:\WINDOWS\system32\ixsso.dll 54784 bytes executable
    C:\WINDOWS\system32\iyuv_32.dll 47616 bytes executable
    C:\WINDOWS\system32\Iyvu9_32.dll 56832 bytes executable
    C:\WINDOWS\system32\java.exe 135168 bytes executable
    C:\WINDOWS\system32\javacpl.cpl 69632 bytes executable
    C:\WINDOWS\system32\javacypt.dll 187152 bytes executable
    C:\WINDOWS\system32\javaee.dll 139536 bytes executable
    C:\WINDOWS\system32\javaprxy.dll 63248 bytes executable
    C:\WINDOWS\system32\javart.dll 404752 bytes executable
    C:\WINDOWS\system32\javasup.vxd 7315 bytes
    C:\WINDOWS\system32\javaw.exe 135168 bytes executable
    C:\WINDOWS\system32\javaws.exe 139264 bytes executable
    C:\WINDOWS\system32\jdbgmgr.exe 15120 bytes executable
    C:\WINDOWS\system32\setb0.tmp 5550080 bytes executable
    C:\WINDOWS\system32\kanji_1.uce 6948 bytes
    C:\WINDOWS\system32\kanji_2.uce 8484 bytes
    C:\WINDOWS\system32\kb16.com 14841 bytes
    C:\WINDOWS\system32\kbd101b.dll 6144 bytes executable
    C:\WINDOWS\system32\kbd101c.dll 6144 bytes executable
    C:\WINDOWS\system32\kbd103.dll 5632 bytes executable
    C:\WINDOWS\system32\kbd106.dll 6144 bytes executable
    C:\WINDOWS\system32\KBDAL.DLL 6656 bytes executable
    C:\WINDOWS\system32\kbdaze.dll 5632 bytes executable
    C:\WINDOWS\system32\kbdazel.dll 5632 bytes executable
    C:\WINDOWS\system32\PCDLIB32.DLL 212480 bytes executable
    C:\WINDOWS\system32\pcl.sep 114 bytes
    C:\WINDOWS\system32\pcl2pdf32.dll 274432 bytes executable
    C:\WINDOWS\system32\pcl2pdfdevlib.ocx 286720 bytes executable
    C:\WINDOWS\system32\pdfcreactivex.dll 1007616 bytes executable
    C:\WINDOWS\system32\pdh.dll 286208 bytes executable
    C:\WINDOWS\system32\pentnt.exe 15360 bytes executable
    C:\WINDOWS\system32\perfc009.dat 59326 bytes
    C:\WINDOWS\system32\perfc00C.dat 71688 bytes
    C:\WINDOWS\system32\perfci.h 427 bytes
    C:\WINDOWS\system32\umpnpmgr.dll 124928 bytes executable
    C:\WINDOWS\system32\unam4ie.exe 63488 bytes executable
    C:\WINDOWS\system32\unicode.nls 89588 bytes
    C:\WINDOWS\system32\toolhelp.dll 13888 bytes
    C:\WINDOWS\system32\tourstart.exe 347136 bytes executable
    C:\WINDOWS\system32\tracert.exe 13312 bytes executable
    C:\WINDOWS\system32\tracert6.exe 32256 bytes executable
    C:\WINDOWS\system32\traffic.dll 31232 bytes executable
    C:\WINDOWS\system32\tree.com 11264 bytes executable
    C:\WINDOWS\system32\trkwks.dll 90624 bytes executable
    C:\WINDOWS\system32\tsappcmp.dll 52224 bytes executable
    C:\WINDOWS\system32\wuaucpl.cpl.mui 30040 bytes executable
    C:\WINDOWS\system32\wuaueng.dll 1712984 bytes executable
    C:\WINDOWS\system32\wuaueng.dll.mui 21336 bytes executable
    C:\WINDOWS\system32\wuaueng1.dll 195352 bytes executable
    C:\WINDOWS\system32\wuauserv.dll 6656 bytes executable
    C:\WINDOWS\system32\wucltui.dll 325976 bytes executable
    C:\WINDOWS\system32\wucltui.dll.mui 38232 bytes executable
    C:\WINDOWS\system32\WUDFCoinstaller.dll 95344 bytes executable
    C:\WINDOWS\system32\WudfHost.exe 146432 bytes executable
    C:\WINDOWS\system32\WudfPlatform.dll 165376 bytes executable
    C:\WINDOWS\system32\WudfSvc.dll 55808 bytes executable
    C:\WINDOWS\system32\WUDFx.dll 316416 bytes executable
    C:\WINDOWS\system32\wupdmgr.exe 32256 bytes executable
    C:\WINDOWS\system32\wups.dll 33624 bytes executable
    C:\WINDOWS\system32\PortableDeviceClassExtension.dll 101888 bytes executable
    C:\WINDOWS\system32\portabledevicetypes.dll 166912 bytes executable
    C:\WINDOWS\system32\PortableDeviceWiaCompat.dll 132096 bytes executable
    C:\WINDOWS\system32\PortableDeviceWMDRM.dll 199168 bytes executable
    C:\WINDOWS\system32\powercfg.cpl 118272 bytes executable
    C:\WINDOWS\system32\powercfg.exe 49152 bytes executable
    C:\WINDOWS\system32\powrprof.dll 17408 bytes executable
    C:\WINDOWS\system32\PreInstall
    C:\WINDOWS\system32\prflbmsg.dll 18944 bytes executable
    C:\WINDOWS\system32\print.exe 9216 bytes executable
    C:\WINDOWS\system32\printui.dll 578560 bytes executable
    C:\WINDOWS\system32\proctexe.ocx 81920 bytes executable
    C:\WINDOWS\system32\exe2bin.exe 8424 bytes
    C:\WINDOWS\system32\expand.exe 16896 bytes executable
    C:\WINDOWS\system32\export
    C:\WINDOWS\system32\expsrv.dll 380957 bytes executable
    C:\WINDOWS\system32\extmgr.dll 132608 bytes executable
    C:\WINDOWS\system32\extrac32.exe 45568 bytes executable
    C:\WINDOWS\system32\exts.dll 121856 bytes executable
    C:\WINDOWS\system32\E_DCINST.DLL 49152 bytes executable
    C:\WINDOWS\system32\E_FBCBACE.DLL 64000 bytes executable
    C:\WINDOWS\system32\E_FBCHACE.DLL 34304 bytes executable
    C:\WINDOWS\system32\E_FLMACE.DLL 79679 bytes executable
    C:\WINDOWS\system32\fastopen.exe 882 bytes
    C:\WINDOWS\system32\faultrep.dll 80896 bytes executable
    C:\WINDOWS\system32\faxpatch.exe 20992 bytes executable
    C:\WINDOWS\system32\fc.exe 14848 bytes executable
    C:\WINDOWS\system32\feclient.dll 21504 bytes executable
    C:\WINDOWS\system32\filemgmt.dll 348160 bytes executable
    C:\WINDOWS\system32\EPPICLocal_BP.cfg 6347 bytes
    C:\WINDOWS\system32\EPPICLocal_CF.cfg 6195 bytes
    C:\WINDOWS\system32\EPPICLocal_DU.cfg 6122 bytes
    C:\WINDOWS\system32\EPPICLocal_EN.cfg 13732 bytes
    C:\WINDOWS\system32\EPPICLocal_ES.cfg 6103 bytes
    C:\WINDOWS\system32\EPPICLocal_FR.cfg 6195 bytes
    C:\WINDOWS\system32\EPPICLocal_GE.cfg 6335 bytes
    C:\WINDOWS\system32\EPPICLocal_IT.cfg 6442 bytes
    C:\WINDOWS\system32\EPPICLocal_KO.cfg 5817 bytes
    C:\WINDOWS\system32\EPPICLocal_PT.cfg 6347 bytes
    C:\WINDOWS\system32\EPPICLocal_RU.cfg 2889 bytes
    C:\WINDOWS\system32\EPPICLocal_TC.cfg 2426 bytes
    C:\WINDOWS\system32\EPPicMgr.dll 65536 bytes executable
    C:\WINDOWS\system32\EPPICPattern1.dat 26154 bytes
    C:\WINDOWS\system32\EPPICPattern2.dat 20148 bytes
    C:\WINDOWS\system32\EPPICPattern3.dat 24903 bytes
    C:\WINDOWS\system32\EPPICPattern4.dat 11811 bytes
    C:\WINDOWS\system32\EPPICPattern5.dat 21390 bytes
    C:\WINDOWS\system32\EPPICPattern6.dat 4943 bytes
    C:\WINDOWS\system32\EPPICPresetData_BP.dat 1139 bytes
    C:\WINDOWS\system32\EPPICPresetData_CF.dat 1129 bytes
    C:\WINDOWS\system32\EPPICPresetData_DU.dat 1146 bytes
    C:\WINDOWS\system32\EPPICPresetData_EN.dat 1104 bytes
    C:\WINDOWS\system32\EPPICPresetData_ES.dat 1136 bytes
    C:\WINDOWS\system32\EPPICPresetData_FR.dat 1129 bytes
    C:\WINDOWS\system32\EPPICPresetData_GE.dat 1107 bytes
    C:\WINDOWS\system32\EPPICPresetData_IT.dat 1120 bytes
    C:\WINDOWS\system32\EPPICPresetData_PT.dat 1139 bytes
    C:\WINDOWS\system32\EPPICPrinterDB.dat 92240 bytes
    C:\WINDOWS\system32\EpPicPrt.dll 114688 bytes executable
    C:\WINDOWS\system32\Setup
    C:\WINDOWS\system32\setup.bmp 240120 bytes
    C:\WINDOWS\system32\setup.exe 23040 bytes executable
    C:\WINDOWS\system32\setupapi.dll 1003520 bytes executable
    C:\WINDOWS\system32\setupdll.dll 421376 bytes executable
    C:\WINDOWS\system32\setver.exe 12067 bytes
    C:\WINDOWS\system32\sfc.dll 5120 bytes executable
    C:\WINDOWS\system32\sfc.exe 10240 bytes executable
    C:\WINDOWS\system32\sfcfiles.dll 1548288 bytes executable
    C:\WINDOWS\system32\sfc_os.dll 142336 bytes executable
    C:\WINDOWS\system32\sfmapi.dll 23552 bytes executable
    C:\WINDOWS\system32\sfxbe321.dll 73216 bytes executable
    C:\WINDOWS\system32\sfxbe322.dll 77312 bytes executable
    C:\WINDOWS\system32\sfxbe323.dll 74240 bytes executable
    C:\WINDOWS\system32\sfxbe324.dll 78336 bytes executable
    C:\WINDOWS\system32\sfxfe32.exe 53760 bytes executable
    C:\WINDOWS\system32\sfxfe321.exe 58368 bytes executable
    C:\WINDOWS\system32\shadow.exe 15360 bytes executable
    C:\WINDOWS\system32\mssip32.dll 4608 bytes executable
    C:\WINDOWS\system32\MSSTDFMT.DLL 118784 bytes executable
    C:\WINDOWS\system32\msswch.dll 13312 bytes executable
    C:\WINDOWS\system32\msswchx.exe 6656 bytes executable
    C:\WINDOWS\system32\mstask.dll 281600 bytes executable
    C:\WINDOWS\system32\mstext35.dll 165648 bytes executable
    C:\WINDOWS\system32\mstext40.dll 258077 bytes executable
    C:\WINDOWS\system32\mstime.dll 671232 bytes executable
    C:\WINDOWS\system32\mstinit.exe 12288 bytes executable
    C:\WINDOWS\system32\mstlsapi.dll 115712 bytes executable
    C:\WINDOWS\system32\mstsc.exe 411648 bytes executable
    C:\WINDOWS\system32\mstscax.dll 655360 bytes executable
    C:\WINDOWS\system32\msuni11.dll 241725 bytes executable
    C:\WINDOWS\system32\msutb.dll 195584 bytes executable
    C:\WINDOWS\system32\msv1_0.dll 129536 bytes executable
    C:\WINDOWS\system32\stdole2.tlb 17920 bytes executable
    C:\WINDOWS\system32\stdole32.tlb 7168 bytes executable
    C:\WINDOWS\system32\sti.dll 68096 bytes executable
    C:\WINDOWS\system32\stimon.exe 14848 bytes executable
    C:\WINDOWS\system32\sti_ci.dll 138240 bytes executable
    C:\WINDOWS\system32\stobject.dll 122368 bytes executable
    C:\WINDOWS\system32\storage.dll 4208 bytes
    C:\WINDOWS\system32\storprop.dll 76800 bytes executable
    C:\WINDOWS\system32\Strato4.dll 176128 bytes executable
    C:\WINDOWS\system32\streamci.dll 8192 bytes executable
    C:\WINDOWS\system32\strmdll.dll 246814 bytes executable
    C:\WINDOWS\system32\strmfilt.dll 75776 bytes executable
    C:\WINDOWS\system32\subrange.uce 93702 bytes
    C:\WINDOWS\system32\WindowsCodecsExt.dll 352256 bytes executable
    C:\WINDOWS\system32\WindowsLogon.manifest 488 bytes
    C:\WINDOWS\system32\winfax.dll 9216 bytes executable
    C:\WINDOWS\system32\WinFXDocObj.exe 206336 bytes executable
    C:\WINDOWS\system32\winhelp.hlp 37237 bytes
    C:\WINDOWS\system32\winhlp32.exe 8192 bytes executable
    C:\WINDOWS\system32\winhttp.dll 351232 bytes executable
    C:\WINDOWS\system32\wininet.dll 824832 bytes executable
    C:\WINDOWS\system32\winipsec.dll 32768 bytes executable
    C:\WINDOWS\system32\winlogon.exe 506368 bytes executable
    C:\WINDOWS\system32\winmine.exe 119808 bytes executable
    C:\WINDOWS\system32\winmm.dll 180736 bytes executable
    C:\WINDOWS\system32\winmsd.exe 11776 bytes executable
    C:\WINDOWS\system32\winnls.dll 5120 bytes
    C:\WINDOWS\system32\winntbbu.dll 773632 bytes executable
    C:\WINDOWS\system32\winoldap.mod 2080 bytes
    C:\WINDOWS\system32\winrnr.dll 16896 bytes executable
    C:\WINDOWS\system32\xmllite.dll 121856 bytes executable
    C:\WINDOWS\system32\xmlprov.dll 129536 bytes executable
    C:\WINDOWS\system32\xmlprovi.dll 50176 bytes executable
    C:\WINDOWS\system32\xolehlp.dll 11776 bytes executable
    C:\WINDOWS\system32\xpob2res.dll 445440 bytes executable
    C:\WINDOWS\system32\xpsp1hfm.exe 26112 bytes executable
    C:\WINDOWS\system32\xpsp1res.dll 197632 bytes executable
    C:\WINDOWS\system32\xpsp2res.dll 2986496 bytes executable
    C:\WINDOWS\system32\xpsp3res.dll 369152 bytes executable
    C:\WINDOWS\system32\xvid.ax 53248 bytes executable
    C:\WINDOWS\system32\xvidcore.dll 524288 bytes executable
    C:\WINDOWS\system32\xvidvfw.dll 139264 bytes executable
    C:\WINDOWS\system32\zipfldr.dll 340480 bytes executable
    C:\WINDOWS\system32\zonedoff.reg 113 bytes
    C:\WINDOWS\system32\zonedon.reg 113 bytes
    C:\WINDOWS\system32\h323.tsp 266752 bytes executable
    C:\WINDOWS\system32\h323log.txt 0 bytes
    C:\WINDOWS\system32\h323msp.dll 614912 bytes executable
    C:\WINDOWS\system32\HAL.DLL 131968 bytes executable
    C:\WINDOWS\system32\hccoin.dll 7168 bytes executable
    C:\WINDOWS\system32\hdwwiz.cpl 157184 bytes executable
    C:\WINDOWS\system32\help.exe 16384 bytes executable
    C:\WINDOWS\system32\hhctrl.ocx 546304 bytes executable
    C:\WINDOWS\system32\hhsetup.dll 41472 bytes executable
    C:\WINDOWS\system32\hid.dll 20992 bytes executable
    C:\WINDOWS\system32\hidphone.tsp 30208 bytes executable
    C:\WINDOWS\system32\dxmasf.dll 500278 bytes executable
    C:\WINDOWS\system32\dxtmsft.dll 346624 bytes executable
    C:\WINDOWS\system32\dxtmsft3.dll 182032 bytes executable
    C:\WINDOWS\system32\dxtrans.dll 214528 bytes executable
    C:\WINDOWS\system32\dzactx.dll 249856 bytes executable

    scan completed successfully
    hidden services: 0
    hidden files: 2199


    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    200 - explorer.exe
    248 - LVCOMSX.EXE
    332 - msmsgs.exe
    448 - csrss.exe
    488 - winlogon.exe
    532 - services.exe
    544 - lsass.exe
    588 - tf1.exe
    652 - fts.exe
    692 - svchost.exe
    748 - svchost.exe
    780 - svchost.exe
    864 - svchost.exe
    948 - apdproxy.exe
    964 - mm_tray.exe
    988 - cmd.exe
    1012 - spoolsv.exe
    1132 - PCCClient.exe
    1208 - AVGNT.EXE
    1220 - AVWUPSRV.EXE
    1272 - nvsvc32.exe
    1312 - svchost.exe
    1644 - wscntfy.exe
    1652 - LogiTray.exe
    1656 - AGRSMMSG.exe
    2180 - ctfmon.exe
    2492 - msnmsgr.exe
    3704 - NkbMonitor.exe
    3728 - ooneclockv65.ex
    3776 - MSN Pictures Di
    3848 - soffice.exe
    3856 - FxSvr2.exe

    Total number of processes = 33
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806EC000 - \WINDOWS\system32\hal.dll
    FA0C7000 - \WINDOWS\system32\KDCOM.DLL
    F9FD7000 - \WINDOWS\system32\BOOTVID.dll
    F9B80000 - d347bus.sys
    F9B51000 - ACPI.sys
    FA0C9000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
    F9B40000 - pci.sys
    F9BC7000 - isapnp.sys
    FA0CB000 - viaide.sys
    F9E47000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    F9BD7000 - MountMgr.sys
    F9B21000 - ftdisk.sys
    F9E4F000 - PartMgr.sys
    F9BE7000 - VolSnap.sys
    F9B09000 -
    FA0CD000 - d347prt.sys
    F9AF1000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    F9BF7000 - disk.sys
    F9C07000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    F9AD1000 - fltmgr.sys
    F9ABF000 - sr.sys
    F9E57000 - PxHelp20.sys
    F9AA8000 - KSecDD.sys
    F9A1B000 - Ntfs.sys
    F99EE000 - NDIS.sys
    F9E5F000 - viaagp1.sys
    F9C17000 - ohci1394.sys
    F9C27000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
    F99D3000 - Mup.sys
    F9C57000 - \SystemRoot\System32\DRIVERS\nic1394.sys
    F9CA7000 - \SystemRoot\System32\DRIVERS\intelppm.sys
    F9853000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
    F983F000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    F9CB7000 - \SystemRoot\System32\DRIVERS\Rtlnic51.sys
    F9720000 - \SystemRoot\System32\DRIVERS\AGRSM.sys
    F9F97000 - \SystemRoot\System32\Drivers\Modem.SYS
    F9F9F000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
    F96FD000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
    F9FA7000 - \SystemRoot\System32\DRIVERS\usbehci.sys
    FA0AB000 - \SystemRoot\system32\drivers\pfc.sys
    F9CC7000 - \SystemRoot\System32\DRIVERS\cdrom.sys
    F9CD7000 - \SystemRoot\System32\DRIVERS\redbook.sys
    F96DA000 - \SystemRoot\System32\DRIVERS\ks.sys
    F9CE7000 - \SystemRoot\System32\DRIVERS\imapi.sys
    F966B000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
    F9647000 - \SystemRoot\system32\drivers\portcls.sys
    F9D07000 - \SystemRoot\system32\drivers\drmk.sys
    F95E4000 - \SystemRoot\system32\drivers\ALCXSENS.SYS
    F9FAF000 - \SystemRoot\System32\DRIVERS\fdc.sys
    F95D3000 - \SystemRoot\System32\DRIVERS\serial.sys
    FA0B7000 - \SystemRoot\System32\DRIVERS\serenum.sys
    F95BF000 - \SystemRoot\System32\DRIVERS\parport.sys
    F9D17000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
    F9FB7000 - \SystemRoot\System32\DRIVERS\mouclass.sys
    F9FBF000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
    FA2D2000 - \SystemRoot\system32\drivers\msmpu401.sys
    FA0BB000 - \SystemRoot\System32\DRIVERS\gameenum.sys
    FA2DB000 - \SystemRoot\System32\DRIVERS\audstub.sys
    F9D97000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
    FA0BF000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
    F9580000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
    F9DA7000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
    F9DB7000 - \SystemRoot\System32\DRIVERS\raspptp.sys
    F9E87000 - \SystemRoot\System32\DRIVERS\TDI.SYS
    F956F000 - \SystemRoot\System32\DRIVERS\psched.sys
    F9DC7000 - \SystemRoot\System32\DRIVERS\msgpc.sys
    F9E8F000 - \SystemRoot\System32\DRIVERS\ptilink.sys
    F9E97000 - \SystemRoot\System32\DRIVERS\raspti.sys
    F94B6000 - \SystemRoot\System32\DRIVERS\PPPoEWin.SYS
    F9DD7000 - \SystemRoot\System32\DRIVERS\termdd.sys
    FA111000 - \SystemRoot\System32\DRIVERS\swenum.sys
    F945D000 - \SystemRoot\System32\DRIVERS\update.sys
    F99A7000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
    F9DE7000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    FA07B000 - \SystemRoot\system32\drivers\MODEMCSA.sys
    F9E17000 - \SystemRoot\System32\DRIVERS\usbhub.sys
    FA131000 - \SystemRoot\System32\DRIVERS\USBD.SYS
    F9EA7000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
    FA135000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    FA231000 - \SystemRoot\System32\Drivers\Null.SYS
    FA137000 - \SystemRoot\System32\Drivers\Beep.SYS
    F9EB7000 - \SystemRoot\System32\drivers\vga.sys
    FA139000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    FA13B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F9EBF000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F9EC7000 - \SystemRoot\System32\Drivers\Npfs.SYS
    FA08B000 - \SystemRoot\System32\DRIVERS\rasacd.sys
    F42CA000 - \SystemRoot\System32\DRIVERS\ipsec.sys
    F42A2000 - \SystemRoot\System32\DRIVERS\netbt.sys
    FA093000 - \SystemRoot\System32\drivers\ws2ifsl.sys
    F4280000 - \SystemRoot\System32\drivers\afd.sys
    F9E27000 - \SystemRoot\System32\DRIVERS\netbios.sys
    F9ECF000 - \SystemRoot\System32\Drivers\StarOpen.SYS
    F4255000 - \SystemRoot\System32\DRIVERS\rdbss.sys
    F41E6000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
    F9C67000 - \SystemRoot\System32\Drivers\Fips.SYS
    F9C87000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    F9EDF000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    F9C97000 - \SystemRoot\system32\drivers\lvusbsta.sys
    F418A000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
    F9CF7000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
    F40D2000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    FA145000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    F4349000 - \SystemRoot\System32\drivers\Dxapi.sys
    F9EF7000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    FA2C1000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\nv4_disp.dll
    F3E1F000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
    F3BD8000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    F3B83000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
    FA0D5000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    F3A19000 - \SystemRoot\System32\DRIVERS\srv.sys
    F3803000 - \SystemRoot\system32\drivers\wdmaud.sys
    F3888000 - \SystemRoot\system32\drivers\sysaudio.sys
    F343A000 - \SystemRoot\System32\Drivers\HTTP.sys
    F23FF000 - \SystemRoot\system32\drivers\kmixer.sys
    FA2B3000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 120

    Liste des programmes installes

    AC3Filter (remove only)
    Adaptateur USB-IrDA
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0.9
    Adobe® Photoshop® Album Starter Edition 3.2
    Adobe® Photoshop® Album Starter Edition 3.2
    aMSN 0.96
    Antidote
    AntiVir/XP
    Archiveur WinRAR
    ArcSoft Camera Suite
    ArcSoft Panorama Maker 3
    ArcSoft PhotoStudio Suite v2.0
    Assistant de connexion Windows Live
    AutoUpdate
    AVS DVDMenu Editor 1.2.1.19
    AVS Video Tools 5.6
    Barre d'outils MSN
    Bink and Smacker
    Bureau Médias de Kazaa 2.6.3
    CCleaner (remove only)
    Ciel Devis Factures
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows XP (KB914440)
    Correctif Windows XP - KB873333
    Correctif Windows XP - KB873339
    Correctif Windows XP - KB885250
    Correctif Windows XP - KB885835
    Correctif Windows XP - KB885836
    Correctif Windows XP - KB886185
    Correctif Windows XP - KB887472
    Correctif Windows XP - KB887742
    Correctif Windows XP - KB888113
    Correctif Windows XP - KB888302
    Correctif Windows XP - KB890047
    Correctif Windows XP - KB890175
    Correctif Windows XP - KB890859
    Correctif Windows XP - KB891781
    Correctif Windows XP - KB893086
    Creative Modem Blaster DI5733
    DAEMON Tools
    Digimax Master
    DiMAGE Viewer
    DivX
    DivX Player
    DivX Web Player
    DVD Shrink 3.2
    EPSON Attach To Email
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Image Clip Palette
    EPSON Logiciel imprimante
    EPSON Scan
    EPSON Scan Assistant
    EPSON Web-To-Page
    ESDX3800 Guide d'utilisation
    Express Dictate
    Express Scribe
    Friendly PPPoE v3.0.0.26
    Galerie de photos Windows Live
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915800)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Internet Explorer Q903235
    ISSENDIS WebUpdate v6
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.1_04
    Java Web Start
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    KaraFun 1.01b
    Lecteur Windows Media 11
    Les Sims 2
    Logiciel WebCam de Labtec
    Medi@Show
    Media-motor
    Messenger Plus! 3
    Messenger Plus! Live
    Microsoft .NET Framework (French)
    Microsoft .NET Framework (French) v1.0.3705
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Global IME for Korean
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 6.0
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows XP (KB890046)
    Mise à jour de sécurité pour Windows XP (KB893066)
    Mise à jour de sécurité pour Windows XP (KB893756)
    Mise à jour de sécurité pour Windows XP (KB896358)
    Mise à jour de sécurité pour Windows XP (KB896422)
    Mise à jour de sécurité pour Windows XP (KB896423)
    Mise à jour de sécurité pour Windows XP (KB896424)
    Mise à jour de sécurité pour Windows XP (KB896428)
    Mise à jour de sécurité pour Windows XP (KB899587)
    Mise à jour de sécurité pour Windows XP (KB899588)
    Mise à jour de sécurité pour Windows XP (KB899591)
    Mise à jour de sécurité pour Windows XP (KB900725)
    Mise à jour de sécurité pour Windows XP (KB901017)
    Mise à jour de sécurité pour Windows XP (KB901214)
    Mise à jour de sécurité pour Windows XP (KB902400)
    Mise à jour de sécurité pour Windows XP (KB904706)
    Mise à jour de sécurité pour Windows XP (KB905414)
    Mise à jour de sécurité pour Windows XP (KB905749)
    Mise à jour de sécurité pour Windows XP (KB908519)
    Mise à jour de sécurité pour Windows XP (KB911280)
    Mise à jour de sécurité pour Windows XP (KB911562)
    Mise à jour de sécurité pour Windows XP (KB911567)
    Mise à jour de sécurité pour Windows XP (KB911927)
    Mise à jour de sécurité pour Windows XP (KB912812)
    Mise à jour de sécurité pour Windows XP (KB912919)
    Mise à jour de sécurité pour Windows XP (KB913446)
    Mise à jour de sécurité pour Windows XP (KB913580)
    Mise à jour de sécurité pour Windows XP (KB914388)
    Mise à jour de sécurité pour Windows XP (KB914389)
    Mise à jour de sécurité pour Windows XP (KB916281)
    Mise à jour de sécurité pour Windows XP (KB917159)
    Mise à jour de sécurité pour Windows XP (KB917344)
    Mise à jour de sécurité pour Windows XP (KB917422)
    Mise à jour de sécurité pour Windows XP (KB917953)
    Mise à jour de sécurité pour Windows XP (KB918118)
    Mise à jour de sécurité pour Windows XP (KB918439)
    Mise à jour de sécurité pour Windows XP (KB918899)
    Mise à jour de sécurité pour Windows XP (KB919007)
    Mise à jour de sécurité pour Windows XP (KB920213)
    Mise à jour de sécurité pour Windows XP (KB920214)
    Mise à jour de sécurité pour Windows XP (KB920670)
    Mise à jour de sécurité pour Windows XP (KB920683)
    Mise à jour de sécurité pour Windows XP (KB920685)
    Mise à jour de sécurité pour Windows XP (KB921398)
    Mise à jour de sécurité pour Windows XP (KB921503)
    Mise à jour de sécurité pour Windows XP (KB921883)
    Mise à jour de sécurité pour Windows XP (KB922616)
    Mise à jour de sécurité pour Windows XP (KB922760)
    Mise à jour de sécurité pour Windows XP (KB922819)
    Mise à jour de sécurité pour Windows XP (KB923191)
    Mise à jour de sécurité pour Windows XP (KB923414)
    Mise à jour de sécurité pour Windows XP (KB923694)
    Mise à jour de sécurité pour Windows XP (KB923980)
    Mise à jour de sécurité pour Windows XP (KB924191)
    Mise à jour de sécurité pour Windows XP (KB924270)
    Mise à jour de sécurité pour Windows XP (KB924496)
    Mise à jour de sécurité pour Windows XP (KB924667)
    Mise à jour de sécurité pour Windows XP (KB925486)
    Mise à jour de sécurité pour Windows XP (KB925902)
    Mise à jour de sécurité pour Windows XP (KB926255)
    Mise à jour de sécurité pour Windows XP (KB926436)
    Mise à jour de sécurité pour Windows XP (KB927779)
    Mise à jour de sécurité pour Windows XP (KB927802)
    Mise à jour de sécurité pour Windows XP (KB928255)
    Mise à jour de sécurité pour Windows XP (KB928843)
    Mise à jour de sécurité pour Windows XP (KB929123)
    Mise à jour de sécurité pour Windows XP (KB930178)
    Mise à jour de sécurité pour Windows XP (KB931261)
    Mise à jour de sécurité pour Windows XP (KB931784)
    Mise à jour de sécurité pour Windows XP (KB932168)
    Mise à jour de sécurité pour Windows XP (KB933729)
    Mise à jour de sécurité pour Windows XP (KB935839)
    Mise à jour de sécurité pour Windows XP (KB935840)
    Mise à jour de sécurité pour Windows XP (KB936021)
    Mise à jour de sécurité pour Windows XP (KB938829)
    Mise à jour de sécurité pour Windows XP (KB941202)
    Mise à jour de sécurité pour Windows XP (KB941568)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB943460)
    Mise à jour de sécurité pour Windows XP (KB944653)
    Mise à jour pour Windows XP (KB898461)
    Mise à jour pour Windows XP (KB900485)
    Mise à jour pour Windows XP (KB904942)
    Mise à jour pour Windows XP (KB908531)
    Mise à jour pour Windows XP (KB910437)
    Mise à jour pour Windows XP (KB916595)
    Mise à jour pour Windows XP (KB920872)
    Mise à jour pour Windows XP (KB922582)
    Mise à jour pour Windows XP (KB927891)
    Mise à jour pour Windows XP (KB929338)
    Mise à jour pour Windows XP (KB930916)
    Mise à jour pour Windows XP (KB931836)
    Mise à jour pour Windows XP (KB933360)
    Mise à jour pour Windows XP (KB936357)
    Mise à jour pour Windows XP (KB938828)
    Mise à jour pour Windows XP (KB942763)
    MSN Pictures Displayer 4.5
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Musicmatch® Jukebox
    Navilog1 3.3.8
    NCH Toolbox Uninstall
    Nero - Burning Rom
    Neuf - Kit de connexion
    Nikon FotoShare
    Nikon Message Center
    NVIDIA Windows 2000/XP Display Drivers
    OFFICE One 150 Modèles de documents
    OFFICE One 6.5
    OFFICE One Clock 6.5
    OFFICE One Coffre Fort v6
    OFFICE One Color Picker 6.5
    OFFICE One Comptes Bancaires v6
    OFFICE One Fonts 6.5
    OFFICE One Guide 6.5
    OFFICE One Notes 6.5
    OFFICE One PC-Cillin v9
    OFFICE One PDF Manager 6.5
    OFFICE One Zip v6
    Password Detective 2.01
    PC-cillin 9
    Philips Key Ring Audio Player
    PictureProject
    PIF DESIGNER
    Pilote Webcam pour DiMAGE KONICA_MINOLTA
    PL-2303 USB-to-Serial
    Player Video TF1 version 2.1.1.114
    Power Video Karaoke
    PowerDVD
    PowerProducer
    Programme de gestion Camera de Labtec®
    QuickTime
    Readiris Pro 8
    RealPlayer
    River Past Video Slice
    RM Converter 3.24
    Salon Styler Pro
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Samsung PC Studio 3
    Samsung USB Driver
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Shareaza version 2.2.1.0
    Shockwave
    SoftKey Atlas Routier d'Europe
    SoftKey Atlas Routier de France
    SpywareBlaster v3.5.1
    Star Wars JK II Jedi Outcast
    StuffPlug 3
    UltraStar 0.5.3
    VideoLAN VLC media player 0.8.6a
    WebFldrs XP
    WinAVI Video Converter 7.7.1
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 2



    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\Program Files

    08/01/2008 14:53 <REP> .
    08/01/2008 14:53 <REP> ..
    08/01/2006 18:48 <REP> AC3Filter
    10/10/2007 22:59 <REP> Adobe
    05/11/2003 09:54 <REP> Ahead
    25/01/2006 00:10 <REP> amsn
    24/03/2005 15:24 1 348 242 Apr2005_d3dx9_25_x64.cab
    24/03/2005 15:24 1 079 850 Apr2005_d3dx9_25_x86.cab
    24/03/2005 15:24 911 188 Apr2005_MDX_x86.cab
    07/06/2005 19:47 <REP> ArcSoft
    14/05/2006 21:20 <REP> Audio Mid Recorder
    09/01/2008 00:13 <REP> AVPersonal
    14/09/2007 01:12 <REP> AVSMedia
    24/03/2005 15:24 703 080 BDA.cab
    24/03/2005 15:24 1 156 363 BDANT.cab
    24/03/2005 15:24 976 020 BDAXP.cab
    27/11/2007 22:18 <REP> BitComet
    31/12/2007 02:41 <REP> CCleaner
    05/11/2003 10:09 <REP> Ciel
    11/02/2006 17:35 <REP> Common Files
    03/11/2003 14:34 <REP> Creative
    10/04/2005 15:33 <REP> Creative Zone
    11/01/2004 00:52 <REP> CyberLink
    20/04/2004 19:25 <REP> DiMAGE Viewer
    24/03/2005 15:24 15 493 481 DirectX.cab
    23/10/2007 14:09 <REP> DivX
    27/05/2006 11:43 <REP> Doblon
    23/03/2006 22:53 <REP> Druide
    24/03/2005 15:24 72 400 DSETUP.dll
    24/03/2005 15:24 2 245 328 dsetup32.dll
    04/11/2005 16:13 <REP> D-Tools
    01/12/2005 23:39 <REP> DVD Shrink
    24/03/2005 15:24 13 265 040 dxnt.cab
    24/03/2005 15:24 480 976 DXSETUP.exe
    24/03/2005 15:24 66 520 dxupdate.cab
    06/11/2005 16:56 <REP> EA GAMES
    24/12/2007 00:18 <REP> eMule
    17/09/2007 19:18 <REP> epson
    22/05/2005 14:02 <REP> epsxe
    25/12/2007 03:25 <REP> Fichiers communs
    09/07/2004 20:44 <REP> Friendly Technologies
    27/12/2007 16:51 <REP> Grisoft
    14/12/2007 14:39 <REP> Internet Explorer
    05/11/2003 10:10 <REP> ISSENDIS
    26/10/2007 08:26 <REP> Java
    29/05/2006 00:24 <REP> Java Web Start
    01/06/2006 16:02 <REP> KaraFun
    23/10/2007 14:10 <REP> LimeWire
    14/09/2006 18:19 <REP> Logitech
    16/11/2004 20:17 <REP> LucasArts
    13/11/2004 15:25 <REP> McAfee
    23/09/2007 20:39 <REP> Messenger
    19/12/2007 23:16 <REP> Messenger Plus! Live
    28/09/2006 19:32 <REP> MessengerPlus! 3
    09/05/2007 00:05 <REP> Microsoft CAPICOM 2.1.0.2
    03/11/2003 09:56 <REP> microsoft frontpage
    27/09/2007 08:26 <REP> Microsoft SQL Server Compact Edition
    30/05/2006 17:50 <REP> Microsoft Works
    30/05/2006 17:50 <REP> Movie Maker
    03/11/2003 09:49 <REP> MSN
    12/09/2004 14:30 <REP> MSN Apps
    03/11/2003 09:49 <REP> MSN Gaming Zone
    19/12/2007 23:17 <REP> MSN Messenger
    23/09/2007 20:39 <REP> MSN Pictures Displayer
    25/08/2007 02:03 <REP> MSXML 4.0
    27/12/2004 02:52 <REP> MUSICMATCH
    05/07/2007 17:59 <REP> NCH Swift Sound
    28/05/2006 22:27 <REP> NetMeeting
    05/01/2008 22:26 <REP> Neuf
    07/06/2005 19:49 <REP> Nikon
    05/11/2003 10:10 <REP> OFFICE One Fonts
    23/03/2004 16:26 <REP> OFFICE ONE6.5
    15/06/2007 02:07 <REP> Outlook Express
    30/10/2005 12:12 <REP> Pack Securite
    04/05/2006 22:41 <REP> Password Detective
    27/12/2004 02:43 <REP> PHILIPS
    19/09/2006 19:53 <REP> Player Video TF1
    28/10/2007 15:51 <REP> QuickTime
    14/09/2007 01:13 <REP> RADVideo
    04/06/2006 13:28 <REP> Readiris Pro 8
    01/09/2004 14:56 <REP> Real
    08/06/2006 19:03 <REP> RM Converter
    17/12/2007 00:22 <REP> Samsung
    03/11/2003 09:51 <REP> Services en ligne
    23/12/2005 00:02 <REP> Shareaza
    08/12/2003 18:48 <REP> SoftKey
    07/01/2008 13:44 <REP> SpywareBlaster
    18/01/2007 21:38 <REP> StuffPlug3
    29/12/2007 16:29 <REP> Trend Micro
    27/09/2007 19:33 <REP> UltraStar
    05/04/2004 19:30 <REP> user
    18/02/2007 20:50 <REP> VideoLAN
    16/02/2007 23:31 <REP> WinAVI Video Converter
    27/12/2007 20:16 <REP> Windows Desktop Search
    01/12/2007 03:05 <REP> Windows Live
    29/01/2007 18:40 <REP> Windows Live Safety Center
    16/12/2006 14:13 <REP> Windows Media Connect 2
    30/11/2006 17:52 <REP> Windows Media Player
    28/05/2006 22:27 <REP> Windows NT
    22/04/2005 18:18 <REP> WinRAR
    03/11/2003 09:56 <REP> xerox
    12 fichier(s) 37 798 488 octets
    89 Rép(s) 15 814 488 064 octets libres
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\Program Files\fichiers communs

    25/12/2007 03:25 <REP> .
    25/12/2007 03:25 <REP> ..
    10/10/2007 22:59 <REP> Adobe
    14/09/2007 01:29 <REP> AVSMedia
    05/11/2003 10:09 <REP> Borland Shared
    27/05/2006 11:43 <REP> Doblon
    05/11/2004 19:14 <REP> dpalnbhl
    04/12/2006 20:47 <REP> FTL Shared
    17/09/2007 19:29 <REP> InstallShield
    15/03/2006 22:31 <REP> Java
    14/09/2006 18:19 <REP> Logitech
    27/09/2007 07:33 <REP> Microsoft Shared
    03/11/2003 09:50 <REP> MSSoap
    02/07/2005 23:37 <REP> Nikon
    03/11/2003 09:46 <REP> ODBC
    01/09/2004 14:56 <REP> Real
    27/05/2006 12:49 <REP> River Past
    03/11/2003 09:50 <REP> Services
    03/11/2003 09:46 <REP> SpeechEngines
    15/06/2007 02:07 <REP> System
    06/11/2005 22:44 <REP> Talkway
    01/09/2004 14:56 <REP> xing shared
    0 fichier(s) 0 octets
    22 Rép(s) 15 814 488 064 octets libres
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    03/11/2003 09:59 <REP> .
    03/11/2003 09:59 <REP> ..
    18/05/2001 17:57 561 209 MSONSEXT.DLL
    03/06/1999 14:09 122 937 MSOWS409.DLL
    07/03/2001 09:00 127 033 MSOWS40c.DLL
    3 fichier(s) 811 179 octets
    2 Rép(s) 15 814 488 064 octets libres
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 0CD9-A371

    Répertoire de C:\Program Files\common files

    11/02/2006 17:35 <REP> .
    11/02/2006 17:35 <REP> ..
    11/02/2006 17:35 <REP> MICROS~1
    12/07/2005 18:23 <REP> System
    12/11/2007 15:54 <REP> updmgr
    0 fichier(s) 0 octets
    5 Rép(s) 15 814 483 968 octets libres




    c:\Documents and Settings\trial_setup.exe
    c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut1_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut2_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\Administrateur.PCTEK\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Administrateur.PCTEK\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut1_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\Administrateur.PCTEK\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut2_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\ANTHONY PIRES\ImageReady.exe
    c:\Documents and Settings\ANTHONY PIRES\Photoshop.exe
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\ARPPRODUCTICON.exe
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut1_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut2_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\ComboFix.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\HJTInstall.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\VundoFix.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\BTFix\BTFix.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\clean\clean\gzip.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\clean\clean\LFiles.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\clean\clean\pskill.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\clean\clean\tar.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\catchme.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\diff.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\dumphive.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\find2.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\Fport.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\grep.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\gzip.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\LFiles.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\md5sums.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\pslist.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\sigcheck.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\streams.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\swreg.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\DiagHelp\DiagHelp\tar.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\Les Sims2\Sims.exe
    c:\Documents and Settings\ANTHONY PIRES\Bureau\PSEmuPro\PSEmu.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\Accentuation.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\Créer bouton.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\Enregistrement multiformat.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\GIF (128 couleurs).exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\GIF (64 couleurs).exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\GIF(32, pas de tramage).exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\JPEG (qualité 10).exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\JPEG (qualité 30).exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\JPEG (qualité 60).exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\Limiter 350, JPG 30.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\Limiter à 200x200 pixels.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets ImageReady\Limiter à 64X64 pixels.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Changer mode conditionnel.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Créer bouton.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Créer ton sépia.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Enreg au format JPEG Moy.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Enreg au format PDF PS.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Image avec ombre portée.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Limiter à 300 pixels.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Limiter à 64 pixels.exe
    c:\Documents and Settings\ANTHONY PIRES\Exemples\Droplets\Droplets Photoshop\Photo ancienne.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\ac3filter_0_70b.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Alcohol120_trial_1_9_2_1705.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\avwinsfx.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\cilupdt.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\daemon347.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\karafun_095.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\pack_securite.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\RADTools.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sdat4483.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Shareaza_2.1.0.0.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\centre\patch7.5.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\divers\wmp11-windowsxp-x86-fr-fr.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Downloads\Shareaza_2.2.1.0 (1).exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Downloads\Shareaza_2.2.1.0.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Ma musique\ancien kazaa\kaZaAlitek++[1].exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Mes fichiers reçus\de moi pour toi(1).exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\Nouveau dossier\RunGame.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\ntidote 5 Fr (Correcteur - Synonymes - Dictionnaire - Conjugueur - Grammaire)\antido\Antidote MP v5 2002\Installe.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\ntidote 5 Fr (Correcteur - Synonymes - Dictionnaire - Conjugueur - Grammaire)\antido\Antidote MP v5 2002\DISK1\_ISDEL.EXE
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\ntidote 5 Fr (Correcteur - Synonymes - Dictionnaire - Conjugueur - Grammaire)\antido\Antidote MP v5 2002\DISK1\SETUP.EXE
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\ntidote 5 Fr (Correcteur - Synonymes - Dictionnaire - Conjugueur - Grammaire)\antido\Antidote MP v5 2002\MISE A JOUR VERS LA VERSION 5\Maj_AntidoteMPv1_v5.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Antidote 5 Fr (Correcteur - Synonymes - Dictionnaire - Conjugueur - Grammaire)\antido\Antidote MP v5 2002\Installe.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Antidote 5 Fr (Correcteur - Synonymes - Dictionnaire - Conjugueur - Grammaire)\antido\Antidote MP v5 2002\MISE A JOUR VERS LA VERSION 5\Maj_AntidoteMPv1_v5.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Antidote Prisme v6 FULL + Keygen par Secret\Antidote.2004.Prisme.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Antidote Prisme v6 FULL + Keygen par Secret\AntidotePrismev1_v5.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Antidote Prisme v6 FULL + Keygen par Secret\Maj_AntidotePrismev5_v6.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Antidote Prisme v6 FULL + Keygen par Secret\AntidotePrismev6keygen - by Secret\KeygenAntidotePrismeV6.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\brutus\BrutusA2.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\BTFix[1]\BTFix\BTFix.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\compressed\Sims2_uninst.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\compressed\TSBin\Sims2.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\epsxe160\ePSXe.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\HiJackThis[1]\HijackThis.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\Ultrastar-es-0.6.1\UltraStar.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\WinXP\DrvRemover.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\AutoRun.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\eauninstall.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\RunGame.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\setup.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\cd2\RunGame.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\cd3\RunGame.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\cd4\RunGame.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\cd4\Mise A Jour\les_sims_2_patch_v1.0.0.994_multi-langues_13714.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\Crack\Sims2.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\CSBin\PackageInstaller.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\CSBin\TS2BodyShop.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\DirectX\dxsetup.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\AutoRun.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\eauninstall.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\Sims2EP1_uninst.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\Support\EasyInfo.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\Support\EReg.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\Support\go_ez.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\Support\The Sims 2 University_code.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\Support\The Sims 2 University_uninst.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\TSBin\Sims2EP1.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd1\TSBin\TS2UPD.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\sims academie\cd2\RunGame.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\Support\EasyInfo.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\Support\EReg.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\Support\The Sims 2_code.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\Support\The Sims 2_uninst.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\TSBin\First15.exe
    c:\Documents and Settings\ANTHONY PIRES\Mes documents\sims2\VP6\vp6install.exe
    c:\Documents and Settings\ANTHONY PIRES\Required\Droplet Template.exe
    c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut1_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut2_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\MELANIE PIRES\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\ARPPRODUCTICON.exe
    c:\Documents and Settings\MELANIE PIRES\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut1_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\MELANIE PIRES\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut2_86399190A8D6415886C824080024A1F3.exe
    c:\Documents and Settings\MELANIE PIRES\Mes documents\PhotoshopAlbum.exe
    c:\Documents and Settings\PROPRI~1\LOCALS~1\Temp\is-90ATR.tmp\PcCillinv9\unins000.exe
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
    c:\Documents and Settings\ANTHONY PIRES\Application Data\Microsoft\IdentityCRL\Production\ppcrlui.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    c:\Documents and Settings\MELANIE PIRES\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_PCTEK.tar.gz a l'adresse http://upload.malekal.com
    9 Janvier 2008 20:58:23

    voila g enfin reussi a lenvoyé completemt!!!
    sinon gje n'ai pas le cd windows c grave?
    merci
    9 Janvier 2008 22:03:23

    re
    ça complique les choses :/ 

    Tu as un fichier système infecté --->
    C:\WINDOWS\system32\drivers\tcpip.sys


    Fais ceci pour remettre l'original, en mode sans échec (sans le support réseau) :

    Regarder d'abord si tu trouves tcpip.sys dans le dossiers suivant :
    C:\WINDOWS\ServicePackFiles\i386

    Tu le recopie dans C:\WINDOWS\system32\drivers\

    (j'ai vérifié chez moi, il est dans cet emplacement)
    9 Janvier 2008 22:46:55

    bsr,
    j'ai bien trouvé le fichier tcpip.sys dans:

    C:\WINDOWS\ServicePackFiles\i386

    et je l'ai copié dans C:\WINDOWS\system32\drivers\

    dois je l'effacerdu premier dossier?
    10 Janvier 2008 00:35:51

    genial j'ai a nouveau une connection mon parefeu est réactivé et je ne suis plus redirigé quand je fais une recherche sur google
    je ne sait pas si le nettoyage de mon pc est terminé mais en tout cas merci beaucoup!
    10 Janvier 2008 12:02:59

    bonjour

    Citation :
    j'ai bien trouvé le fichier tcpip.sys dans:

    C:\WINDOWS\ServicePackFiles\i386

    et je l'ai copié dans C:\WINDOWS\system32\drivers\

    dois je l'effacerdu premier dossier?


    non, surtout pas. (ça pourra te resservir peut-être un jour)

    on continue:

    ~ Télécharge Clean de Malekal
    http://www.malekal.com/download/clean.zip

    Enregistre-le sur ton bureau et dézippe-le
    Cela va créer un dossier clean.
    Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
    Double-clic sur clean.cmd.
    Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
    Clean va travailler.
    Poste le contenu du rapport généré en C:\rapport_clean.txt.
    10 Janvier 2008 13:56:09

    bonjour,
    merci pour le conseil voici le rapport clean

    10/01/2008 a 13:18:37,14

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    10 Janvier 2008 17:08:47

    re

    curieux, Diaghelp montre le fichier:
    C:\WINDOWS\system32\dmcpl.exe
    Clean nettoie ce ver:
    http://www.bleepingcomputer.com/startups/dmcpl.exe-1098...

    désinstalle correctement PC-cillin 9 de Trend Micro
    désinstaller -antivirus

    supprime: C:\qoobox
    ça devrait bientôt se terminer :) 

    +++++++++++++
    ~Télécharge AVG anti-spyware.
    http://www.ewido.net/en/download/
    ~Mets le à jour.

    ~Télécharge CCleaner:

    http://www.filehippo.com/download_ccleaner/

    ~Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"


    1

    Redémarre en mode sans échec. (f8 au démarrage)

    2


    ~Lance CCleaner:

    Clique sur le bouton chercher les erreurs, tu fais « réparer les erreurs »
    Clique sur le bouton nettoyage, tu fais « lancer le nettoyage ».


    3

    ~Lance AVG anti-spyware.

    ~Dans l’onglet analyse, dans Paramètre, clique sur Actions recommandées : choisis Quarantaine.

    ~Clique sur Analyse puis Analyse complète du système pour commencer le scan.

    ~Une fois que le scan est terminé, clique sur Appliquer toutes les actions, pour supprimer tous les fichiers infectés trouvés par AVG Anti-Spyware.

    ~Une fois que la suppression des fichiers infectés a été faite, clique sur enregistrer le rapport et sauvegarde-le sur le bureau.
    ~Redémarre normalement

    4


    ~Copie/Colle le rapport AVG anti-spyware.

    +++++++++++++++++++++++++++++++++
    Tuto de CCleaner: (merci à Malekal) .
    http://www.malekal.com/tutorial_CCleaner.html

    TutoAVG antispyware : (merci à Malekal) .
    http://www.malekal.com/tutorial_AVG_AntiSpyware.html






    11 Janvier 2008 20:35:58

    bjr,
    voici mon rapport avg

    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 20:24:32 11/01/2008

    + Résultat de l'analyse:



    C:\Program Files\AVPersonal\INFECTED\DRFXKTD.EXE.VIR -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\qkhqdzsdvd.exe -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-21-1451970963-2533054440-1655813789-1006\Software\aurora -> Adware.BetterInternet : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\PerfectNav\BHO -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\PerfectNav\BHO\HomePage -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\PerfectNav\BHO\RedirectURLS -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\updmgr -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\AVPersonal\INFECTED\MSCLOCK32.DLL.001 -> Adware.NaviPromo : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\AVPersonal\INFECTED\MSCLOCK32.DLL.VIR -> Adware.NaviPromo : Nettoyé et sauvegardé (mise en quarantaine).
    HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-21-1451970963-2533054440-1655813789-1006\Software\PowerScan -> Adware.PowerScan : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080106-000401-902.dll -> Adware.SpywareStorm : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-21-1451970963-2533054440-1655813789-1006\Software\Bolger -> Adware.VX2 : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080108-141315-227.dll -> Backdoor.Ghost.34 : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\SCD32.dll -> Dialer.Bienvenido : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP2\A0000091.dll -> Downloader.Agent.hbp : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\AVPersonal\INFECTED\updmgr.VIR -> Downloader.Keenval : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\AVPersonal\INFECTED\farmmext.VIR -> Downloader.Stubby.c : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\OFFICE One Zip\brutus\BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\brutus.zip/BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\mailpv_fr.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Nettoyé.
    C:\Documents and Settings\LocalService\Cookies\anthony pires@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie_pires@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@cliks[2].txt -> TrackingCookie.Cliks : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\LocalService\Cookies\anthony pires@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@webpdp.gator[1].txt -> TrackingCookie.Gator : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@ehg-theviptour.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@realmedia[2].txt -> TrackingCookie.Realmedia : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie_pires@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie pires@gold.weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie_pires@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\MELANIE PIRES\Cookies\melanie_pires@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Program Files\AVPersonal\INFECTED\wlwhufb.VIR -> Trojan.Agent.ay : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\AVPersonal\INFECTED\DRPMON.DLL.VIR -> Trojan.Agent.db : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080106-000351-646.dll -> Trojan.BHO.agz : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080106-020456-264.dll -> Trojan.BHO.agz : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\Mes fichiers reçus\de moi pour toi(1).exe -> Trojan.Delf.tm : Nettoyé et sauvegardé (mise en quarantaine).


    Fin du rapport
    11 Janvier 2008 23:03:23

    bonsoir

    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://webscanner.kaspersky.fr/

    ~ Clique sur Online Scanner.
    ~Accepte l'installation du contrôle ActiveX en cliquant sur le bouton Install.

    ~Sélectionne le poste de travail comme analyse.

    ~Enregistre le rapport en cliquant sur le bouton "Enregistrer rapport sous". Nomme-le, tu feras un copier/coller dans ta prochaine réponse.

    Tuto du scan en ligne
    13 Janvier 2008 03:08:18

    bonsoir,
    j'ai fais le scan mais une fois terminé il me donne juste le tps le nb de fichiers infecté etc... pas de scan je c pa si j'ai mal fait quelque chose donc je recommencerai demain car l' analyse a quand meme durée 4 heures
    a demain
    13 Janvier 2008 15:10:15

    bonjour

    ok
    prends le temps de le faire car j'en ai besoin pour terminer :) 
    c'est juste un scan, c'est moi qui te ferais enlever les fichiers infectieux s'il y en a.

    relis le tuto de mon message précédent
    14 Janvier 2008 00:05:09

    bonsoir
    g recommencé et cette fois ca a marché le scan est apparu voici le resultat

    KASPERSKY ON-LINE SCANNER REPORT
    Monday, January 14, 2008 12:02:54 AM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 13/01/2008
    Enregistrements dans la base antivirus Kaspersky : 476496
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Statistiques de l'analyse:
    Total d'objets analysés: 98740
    Nombre de virus trouvés: 3
    Nombre d'objets infectés: 266 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 04:17:40

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\ANTHONY PIRES\Application Data\user60.rdb L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Boîte de réception.dbx/[From jose.dasilva10@wanadoo.fr][Date Thu, 1 Jul 2004 10:23:22 +0200]/UNNAMED/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Boîte de réception.dbx/[From jose.dasilva10@wanadoo.fr][Date Thu, 1 Jul 2004 10:23:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Boîte de réception.dbx Mail MS Outlook 5: infecté - 2 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments envoyés.dbx/[From "ivo manuel pires" <melton@club-internet.fr>][Date Sun, 20 Jun 2004 16:32:54 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments envoyés.dbx/[From "ivo manuel pires" <melton@club-internet.fr>][Date Sun, 20 Jun 2004 16:32:54 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments envoyés.dbx Mail MS Outlook 5: infecté - 2 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From moilolarb@hotmail.com][Date Sun, 13 Jun 2004 23:53:47 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From moilolarb@hotmail.com][Date Sun, 13 Jun 2004 23:53:47 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Fri, 8 Oct 2004 17:50:29 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Fri, 8 Oct 2004 17:50:29 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Fri, 29 Oct 2004 13:50:43 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Fri, 29 Oct 2004 13:50:43 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From piccolo_clv@yahoo.fr][Date Tue, 29 Jun 2004 14:32:54 +0200]/UNNAMED/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From piccolo_clv@yahoo.fr][Date Tue, 29 Jun 2004 14:32:54 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From ay.96726375.161613.0@reply.ebay.com][Date Sat, 26 Jun 2004 21:43:13 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From ay.96726375.161613.0@reply.ebay.com][Date Sat, 26 Jun 2004 21:43:13 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From clickandopt@clickandopt.net][Date Tue, 22 Jun 2004 23:15:10 +0200]/UNNAMED/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From clickandopt@clickandopt.net][Date Tue, 22 Jun 2004 23:15:10 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Sun, 26 Sep 2004 20:19:29 +0200]/UNNAMED/document_word.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Sun, 26 Sep 2004 20:19:29 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 26 Sep 2004 17:12:38 +0200]/UNNAMED/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 26 Sep 2004 17:12:38 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Mon, 27 Sep 2004 19:12:11 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Mon, 27 Sep 2004 19:12:11 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Tue, 28 Sep 2004 15:46:36 +0200]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Tue, 28 Sep 2004 15:46:36 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 28 Sep 2004 18:41:25 +0200]/UNNAMED/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 28 Sep 2004 18:41:25 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 29 Sep 2004 20:13:16 +0200]/UNNAMED/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 29 Sep 2004 20:13:16 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 15:41:38 +0200]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 15:41:38 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 1 Oct 2004 19:33:06 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 1 Oct 2004 19:33:06 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 5 Oct 2004 22:14:22 +0200]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 5 Oct 2004 22:14:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 6 Oct 2004 19:11:13 +0200]/UNNAMED/all_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 6 Oct 2004 19:11:13 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 9 Oct 2004 12:23:44 +0200]/UNNAMED/mp3music.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 9 Oct 2004 12:23:44 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 10 Oct 2004 20:47:18 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 10 Oct 2004 20:47:18 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Mon, 11 Oct 2004 18:07:08 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Mon, 11 Oct 2004 18:07:08 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 12 Oct 2004 17:17:41 +0200]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 12 Oct 2004 17:17:41 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Wed, 13 Oct 2004 18:29:22 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Wed, 13 Oct 2004 18:29:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Fri, 15 Oct 2004 18:59:04 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Fri, 15 Oct 2004 18:59:04 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 16 Oct 2004 12:41:13 +0200]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 16 Oct 2004 12:41:13 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From piresanthony@hotmail.com][Date Sat, 16 Oct 2004 17:09:26 +0200]/UNNAMED/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From piresanthony@hotmail.com][Date Sat, 16 Oct 2004 17:09:26 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 17 Oct 2004 18:52:44 +0200]/UNNAMED/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 17 Oct 2004 18:52:44 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 673559a01c61197@www.cosmos.com.mx][Date Mon, 18 Oct 2004 19:10:50 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 673559a01c61197@www.cosmos.com.mx][Date Mon, 18 Oct 2004 19:10:50 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:07:35 +0200]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:07:35 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED/[From [84.97.27.29]]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:15:08 +0200]/message_part2.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED/[From [84.97.27.29]]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 416e20283@mailci.in.t-online.fr][Date Tue, 19 Oct 2004 19:27:39 +0200]/UNNAMED/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From 416e20283@mailci.in.t-online.fr][Date Tue, 19 Oct 2004 19:27:39 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 20 Oct 2004 19:55:54 +0200]/UNNAMED/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 20 Oct 2004 19:55:54 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Wed, 20 Oct 2004 21:27:09 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Wed, 20 Oct 2004 21:27:09 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Thu, 21 Oct 2004 17:38:27 +0200]/UNNAMED/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Thu, 21 Oct 2004 17:38:27 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From piresanthony@hotmail.com][Date Fri, 22 Oct 2004 17:41:41 +0200]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From piresanthony@hotmail.com][Date Fri, 22 Oct 2004 17:41:41 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 23 Oct 2004 12:04:28 +0200]/UNNAMED/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 23 Oct 2004 12:04:28 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Sun, 24 Oct 2004 15:01:52 +0200]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Sun, 24 Oct 2004 15:01:52 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Mon, 25 Oct 2004 12:29:02 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Mon, 25 Oct 2004 12:29:02 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Tue, 26 Oct 2004 12:47:34 +0200]/UNNAMED/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Tue, 26 Oct 2004 12:47:34 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 27 Oct 2004 12:55:23 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 27 Oct 2004 12:55:23 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From saphyrine@hotmail.com][Date Fri, 29 Oct 2004 18:12:57 +0200]/UNNAMED/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From saphyrine@hotmail.com][Date Fri, 29 Oct 2004 18:12:57 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED/[From [84.97.25.115]]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Fri, 29 Oct 2004 18:18:34 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED/[From [84.97.25.115]]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 30 Oct 2004 14:16:24 +0200]/UNNAMED/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 30 Oct 2004 14:16:24 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED/[From [84.97.23.104]]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Sun, 31 Oct 2004 16:27:39 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED/[From [84.97.23.104]]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From postmaster@isp.9tel.net][Date Sun, 31 Oct 2004 16:26:10 +0100]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From postmaster@isp.9tel.net][Date Sun, 31 Oct 2004 16:26:10 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 1 Nov 2004 12:37:57 +0100]/UNNAMED/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 1 Nov 2004 12:37:57 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 2 Nov 2004 20:26:31 +0100]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 2 Nov 2004 20:26:31 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Sat, 6 Nov 2004 21:35:49 +0100]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Sat, 6 Nov 2004 21:35:49 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 7 Nov 2004 14:56:03 +0100]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 7 Nov 2004 14:56:03 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Mon, 8 Nov 2004 21:29:01 +0100]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From skoorpio@yahoo.com][Date Mon, 8 Nov 2004 21:29:01 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Tue, 9 Nov 2004 18:00:37 +0100]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From manuel.piresivo@neuf.fr][Date Tue, 9 Nov 2004 18:00:37 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Wed, 10 Nov 2004 17:47:09 +0100]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Wed, 10 Nov 2004 17:47:09 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Thu, 11 Nov 2004 12:26:45 +0100]/UNNAMED/document_full.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Thu, 11 Nov 2004 12:26:45 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Fri, 12 Nov 2004 19:33:01 +0100]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From franetunas@tele2.fr][Date Fri, 12 Nov 2004 19:33:01 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 12 Nov 2004 23:19:42 +0100]/UNNAMED/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 12 Nov 2004 23:19:42 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 13 Nov 2004 15:33:35 +0100]/UNNAMED/your_website.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 13 Nov 2004 15:33:35 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx Mail MS Outlook 5: infecté - 119 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\dfsr.db L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\fsr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\fsrtmp.log L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\tmp.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Contacts\piresanthony@hotmail.com\real\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Contacts\piresanthony@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\012E3481-0000004F.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 9 Oct 2004 12:23:44 +0200]/mp3music.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\012E3481-0000004F.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\01BF1B35-00000033.eml/[From clickandopt@clickandopt.net][Date Tue, 22 Jun 2004 23:15:10 +0200]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\01BF1B35-00000033.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\038D74E5-0000005A.eml/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:07:35 +0200]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\038D74E5-0000005A.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0452258D-00000052.eml/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 12 Oct 2004 17:17:41 +0200]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0452258D-00000052.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\04A36ED6-00000034.eml/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\04A36ED6-00000034.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\04F05412-00000077.eml/[From jose.dasilva10@wanadoo.fr][Date Thu, 11 Nov 2004 12:26:45 +0100]/document_full.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\04F05412-00000077.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\089B0AFE-00000048.eml/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 15:41:38 +0200]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\089B0AFE-00000048.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\08CE15EA-00000063.eml/[From franetunas@tele2.fr][Date Mon, 25 Oct 2004 12:29:02 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\08CE15EA-00000063.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0C2D05DE-0000004E.eml/[From franetunas@tele2.fr][Date Fri, 8 Oct 2004 17:50:29 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0C2D05DE-0000004E.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0C454D4F-00000053.eml/[From manuel.piresivo@neuf.fr][Date Wed, 13 Oct 2004 18:29:22 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0C454D4F-00000053.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0D3C1515-0000006E.eml/[From manuel.piresivo@neuf.fr][Date Mon, 1 Nov 2004 12:37:57 +0100]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\0D3C1515-0000006E.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\13876F48-00000067.eml/[From franetunas@tele2.fr][Date Wed, 27 Oct 2004 18:32:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\13876F48-00000067.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\143750FB-00000042.eml/[From manuel.piresivo@neuf.fr][Date Sun, 26 Sep 2004 20:19:29 +0200]/document_word.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\143750FB-00000042.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\186F3E7F-0000005D.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 20 Oct 2004 19:55:54 +0200]/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\186F3E7F-0000005D.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1AB33200-00000070.eml/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 2 Nov 2004 20:26:31 +0100]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1AB33200-00000070.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1C9843C2-00000058.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 17 Oct 2004 18:52:44 +0200]/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1C9843C2-00000058.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1F161225-00000056.eml/[From jose.dasilva10@wanadoo.fr][Date Sat, 16 Oct 2004 12:41:13 +0200]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1F161225-00000056.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1F1A124F-00000069.eml/[From saphyrine@hotmail.com][Date Fri, 29 Oct 2004 18:12:57 +0200]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\1F1A124F-00000069.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\21391814-00000078.eml/[From franetunas@tele2.fr][Date Fri, 12 Nov 2004 19:33:01 +0100]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\21391814-00000078.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\22564014-00000057.eml/[From piresanthony@hotmail.com][Date Sat, 16 Oct 2004 17:09:26 +0200]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\22564014-00000057.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\24FA2BCC-00000035.eml/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\24FA2BCC-00000035.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\260315C3-0000006C.eml/[From [84.97.23.104]][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Sun, 31 Oct 2004 16:27:39 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\260315C3-0000006C.eml/[From [84.97.23.104]][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\260315C3-0000006C.eml Mail: infecté - 2 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\28603709-00000044.eml/[From jose.dasilva10@wanadoo.fr][Date Mon, 27 Sep 2004 19:12:11 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\28603709-00000044.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\28EF1F0F-00000071.eml/[From manuel.piresivo@neuf.fr][Date Sat, 6 Nov 2004 21:35:49 +0100]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\28EF1F0F-00000071.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\2EC37664-00000079.eml/[From jose.dasilva10@wanadoo.fr][Date Fri, 12 Nov 2004 23:19:42 +0100]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\2EC37664-00000079.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\31B2469C-0000005F.eml/[From skoorpio@yahoo.com][Date Thu, 21 Oct 2004 17:38:27 +0200]/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\31B2469C-0000005F.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\320C1608-0000006D.eml/[From postmaster@isp.9tel.net][Date Sun, 31 Oct 2004 16:26:10 +0100]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\320C1608-0000006D.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\37921A53-00000072.eml/[From jose.dasilva10@wanadoo.fr][Date Sun, 7 Nov 2004 14:56:03 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\37921A53-00000072.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3B806DC2-00000051.eml/[From francesco.vasciarelli@wanadoo.fr][Date Mon, 11 Oct 2004 18:07:08 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3B806DC2-00000051.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3C4B2373-00000038.eml/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3C4B2373-00000038.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3C6916AE-00000074.eml/[From manuel.piresivo@neuf.fr][Date Tue, 9 Nov 2004 18:00:37 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3C6916AE-00000074.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3CD271CB-00000049.eml/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 20:15:02 +0200]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3CD271CB-00000049.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3E574BC9-00000059.eml/[From 673559a01c61197@www.cosmos.com.mx][Date Mon, 18 Oct 2004 19:10:50 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\3E574BC9-00000059.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\40AA1487-00000068.eml/[From franetunas@tele2.fr][Date Fri, 29 Oct 2004 13:50:43 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\40AA1487-00000068.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\442555E2-0000007A.eml/[From jose.dasilva10@wanadoo.fr][Date Sat, 13 Nov 2004 15:33:35 +0100]/your_website.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\442555E2-0000007A.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\454831E8-00000036.eml/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\454831E8-00000036.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\46EF1B23-00000061.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 23 Oct 2004 12:04:28 +0200]/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\46EF1B23-00000061.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4D1250E8-00000018.eml/[From moilolarb@hotmail.com][Date Sun, 13 Jun 2004 23:53:47 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4D1250E8-00000018.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4EA33640-00000043.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 26 Sep 2004 17:12:38 +0200]/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4EA33640-00000043.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4EAE2EBE-0000006B.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 30 Oct 2004 14:16:24 +0200]/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4EAE2EBE-0000006B.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4F7531C4-00000050.eml/[From jose.dasilva10@wanadoo.fr][Date Sun, 10 Oct 2004 20:47:18 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4F7531C4-00000050.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4F90241F-0000006A.eml/[From [84.97.25.115]][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Fri, 29 Oct 2004 18:18:34 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4F90241F-0000006A.eml/[From [84.97.25.115]][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\4F90241F-0000006A.eml Mail: infecté - 2 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\52DB7F2E-00000064.eml/[From skoorpio@yahoo.com][Date Tue, 26 Oct 2004 12:47:34 +0200]/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\52DB7F2E-00000064.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\53344EED-0000004A.eml/[From jose.dasilva10@wanadoo.fr][Date Fri, 1 Oct 2004 19:33:06 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\53344EED-0000004A.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\56667999-00000073.eml/[From skoorpio@yahoo.com][Date Mon, 8 Nov 2004 21:29:01 +0100]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\56667999-00000073.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\59126B26-0000004B.eml/[From moilolarb@hotmail.com][Date Sat, 2 Oct 2004 18:58:06 +0200]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\59126B26-0000004B.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\5D241057-0000005C.eml/[From 416e20283@mailci.in.t-online.fr][Date Tue, 19 Oct 2004 19:27:39 +0200]/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\5D241057-0000005C.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\5E351FEF-00000047.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 29 Sep 2004 20:13:16 +0200]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\5E351FEF-00000047.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\60F216DE-00000065.eml/[From jose.dasilva10@wanadoo.fr][Date Tue, 26 Oct 2004 22:47:41 +0200]/message_part2.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRE
    14 Janvier 2008 00:09:21

    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\65BB6DFD-00000030.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\66F25CA0-0000005E.eml/[From skoorpio@yahoo.com][Date Wed, 20 Oct 2004 21:27:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\66F25CA0-0000005E.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\67232E3D-00000062.eml/[From franetunas@tele2.fr][Date Sun, 24 Oct 2004 15:01:52 +0200]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\67232E3D-00000062.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\67F13B5F-00000075.eml/[From francesco.vasciarelli@wanadoo.fr][Date Wed, 10 Nov 2004 17:47:09 +0100]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\67F13B5F-00000075.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\682F4C70-00000060.eml/[From piresanthony@hotmail.com][Date Fri, 22 Oct 2004 17:41:41 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\682F4C70-00000060.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6A1339BE-0000004C.eml/[From jose.dasilva10@wanadoo.fr][Date Tue, 5 Oct 2004 22:14:22 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6A1339BE-0000004C.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6C23250A-0000005B.eml/[From [84.97.27.29]][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:15:08 +0200]/message_part2.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6C23250A-0000005B.eml/[From [84.97.27.29]][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6C23250A-0000005B.eml Mail: infecté - 2 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6D505BE4-00000054.eml/[From piresanthony@hotmail.com][Date Thu, 14 Oct 2004 17:20:13 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\6D505BE4-00000054.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\75206538-00000066.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 27 Oct 2004 12:55:23 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\75206538-00000066.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\75B62E81-00000031.eml/[From ay.96726375.161613.0@reply.ebay.com][Date Sat, 26 Jun 2004 21:43:13 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\75B62E81-00000031.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7C1E391D-00000045.eml/[From franetunas@tele2.fr][Date Tue, 28 Sep 2004 15:46:36 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7C1E391D-00000045.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7C8E0CCB-00000055.eml/[From francesco.vasciarelli@wanadoo.fr][Date Fri, 15 Oct 2004 18:59:04 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7C8E0CCB-00000055.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7F1B1123-00000046.eml/[From jose.dasilva10@wanadoo.fr][Date Tue, 28 Sep 2004 18:41:25 +0200]/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items\7F1B1123-00000046.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\34DE3C1B-00000017.eml/[From "ivo manuel pires" <melton@club-internet.fr>][Date Sun, 20 Jun 2004 16:32:54 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\34DE3C1B-00000017.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\41C96C02-00000018.eml/[From "ivo manuel pires" <melton@club-internet.fr>][Date Sun, 20 Jun 2004 16:35:42 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\41C96C02-00000018.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Historique\History.IE5\MSHist012008011320080114\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DF7B70.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DF7CE3.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DF7FB8.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DFF93A.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DFFDCD.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\Mes archives de conversations\janvier 2008\brunolepro@hotmail.fr.html L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\Mes archives de conversations\janvier 2008\Historique des Évènements.xml L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP5\A0000393.dll Infecté : Trojan.Win32.BHO.agz ignoré
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP5\A0000394.dll Infecté : Trojan.Win32.BHO.agz ignoré
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP5\change.log L'objet est verrouillé ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AppCert/wsil32.dll.vir Infecté : Trojan-Downloader.Win32.Agent.hbp ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-01-08_210532.29.zip/drmstore.dll Infecté : Trojan.Win32.BHO.agz ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-01-08_210532.29.zip Infecté : Trojan.Win32.BHO.agz ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar Infecté : Trojan.Win32.BHO.agz ignoré
    C:\upload_moi_PCTEK.tar.gz GZIP: infecté - 4 ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\EventCache\{84DBF9EF-3F68-4D89-A326-116A416F1491}.bin L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.
    14 Janvier 2008 00:11:48

    kaspersky a trouvé 3 virus et 266 objets infectés moi qui croyais en avoir terminé avec les virus...
    merci pour ton aide
    14 Janvier 2008 00:19:54

    re
    le rapport n'est pas complet.
    mais tous les fichiers infectieux sont dans tes boîtes mails.
    dans outlook et dans Windows Live Mail. Fais le ménage dans tes mails. supprime tout.
    Il y a aussi une sauvegarde dans ces deux logiciels, je ne sais pas où c'est. je n'utilise pas ces programmes.
    le chemin est par exemple:
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Identities\{7C7F3A7C-23F9-4D02-927D-5480EC70632C}\Microsoft\Outlook Express\Éléments supprimés.dbx
    tu dois pouvoir y acceder par outlook, supprime tout ça.
    14 Janvier 2008 01:04:40

    re,
    tu es sur que le rapport n'est pas complet je te l'ai envoyé en 2 fois et a la fin il é ecrit analyse terminée peut etre que la deuxieme partie de mon message n'était pas encor en ligne au moment ou tu as regardé?
    sinon j'ai viré tout ce qu'il y avait dans sent et deleted items dans windows live mail pareil pour outlook
    que faire maintenant?
    14 Janvier 2008 16:58:13

    bonjour
    Citation :
    tu es sur que le rapport n'est pas complet je te l'ai envoyé en 2 fois et a la fin il é ecrit analyse terminée peut etre que la deuxieme partie de mon message n'était pas encor en ligne au moment ou tu as regardé?

    j'étais en ligne, je rédigeais ma réponse ;O)

    Citation :
    que faire maintenant?

    refais un scan en ligne pour voir si ça a suffit
    16 Janvier 2008 20:07:53

    bonsoir
    desolé de repondre si tard voila le resultat de mon scan
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, January 16, 2008 4:32:42 AM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 15/01/2008
    Enregistrements dans la base antivirus Kaspersky : 478653
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Statistiques de l'analyse:
    Total d'objets analysés: 102235
    Nombre de virus trouvés: 3
    Nombre d'objets infectés: 260 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 06:09:35

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\ANTHONY PIRES\Application Data\user60.rdb L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\dfsr.db L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\fsr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\fsrtmp.log L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Messenger\piresanthony@hotmail.com\SharingMetadata\Working\database_520C_D9C4_CD9_A371\tmp.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Contacts\piresanthony@hotmail.com\real\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Application Data\Microsoft\Windows Live Contacts\piresanthony@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Historique\History.IE5\MSHist012008011520080116\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\Acr6CB5.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DF1919.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DF192E.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DFDFFA.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DFEF7C.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temp\~DFF2D1.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\Mes archives de conversations\janvier 2008\Historique des Évènements.xml L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\Mes documents\Mes archives de conversations\janvier 2008\misselodu59@hotmail.fr.html L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\ANTHONY PIRES\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc101.eml/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:07:35 +0200]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc101.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc103.eml/[From franetunas@tele2.fr][Date Fri, 29 Oct 2004 13:50:43 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc103.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc11.eml/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 2 Nov 2004 20:26:31 +0100]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc11.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc110.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 23 Oct 2004 12:04:28 +0200]/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc110.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc112.eml/[From skoorpio@yahoo.com][Date Tue, 26 Oct 2004 12:47:34 +0200]/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc112.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc113.eml/[From jose.dasilva10@wanadoo.fr][Date Tue, 26 Oct 2004 22:47:41 +0200]/message_part2.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc113.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc115.eml/[From piccolo_clv@yahoo.fr][Date Tue, 29 Jun 2004 14:32:54 +0200]/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc115.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc117.eml/[From skoorpio@yahoo.com][Date Wed, 20 Oct 2004 21:27:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc117.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc118.eml/[From francesco.vasciarelli@wanadoo.fr][Date Wed, 10 Nov 2004 17:47:09 +0100]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc118.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc121.eml/[From ay.96726375.161613.0@reply.ebay.com][Date Sat, 26 Jun 2004 21:43:13 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc121.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc127.eml/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 15:41:38 +0200]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc127.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc132.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 20 Oct 2004 19:55:54 +0200]/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc132.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc133.eml/[From postmaster@isp.9tel.net][Date Sun, 31 Oct 2004 16:26:10 +0100]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc133.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc140.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 6 Oct 2004 19:11:13 +0200]/all_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc140.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc141.eml/[From piresanthony@hotmail.com][Date Fri, 22 Oct 2004 17:41:41 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc141.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc147.eml/[From franetunas@tele2.fr][Date Wed, 27 Oct 2004 18:32:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc147.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc151.eml/[From jose.dasilva10@wanadoo.fr][Date Sun, 7 Nov 2004 14:56:03 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc151.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc153.eml/[From jose.dasilva10@wanadoo.fr][Date Fri, 1 Oct 2004 19:33:06 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc153.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc156.eml/[From moilolarb@hotmail.com][Date Sat, 2 Oct 2004 18:58:06 +0200]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc156.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc157.eml/[From franetunas@tele2.fr][Date Sun, 24 Oct 2004 15:01:52 +0200]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc157.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc16.eml/[From clickandopt@clickandopt.net][Date Tue, 22 Jun 2004 23:15:10 +0200]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc16.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc161.eml/[From manuel.piresivo@neuf.fr][Date Sun, 26 Sep 2004 20:19:29 +0200]/document_word.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc161.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc163.eml/[From [84.97.23.104]][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Sun, 31 Oct 2004 16:27:39 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc163.eml/[From [84.97.23.104]][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc163.eml Mail: infecté - 2 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc166.eml/[From jose.dasilva10@wanadoo.fr][Date Sat, 13 Nov 2004 15:33:35 +0100]/your_website.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc166.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc167.eml/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 12 Oct 2004 17:17:41 +0200]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc167.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc168.eml/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc168.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc178.eml/[From franetunas@tele2.fr][Date Fri, 12 Nov 2004 19:33:01 +0100]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc178.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc179.eml/[From piresanthony@hotmail.com][Date Sat, 16 Oct 2004 17:09:26 +0200]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc179.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc18.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 17 Oct 2004 18:52:44 +0200]/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc18.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc180.eml/[From jose.dasilva10@wanadoo.fr][Date Mon, 27 Sep 2004 19:12:11 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc180.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc184.eml/[From skoorpio@yahoo.com][Date Mon, 8 Nov 2004 21:29:01 +0100]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc184.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc187.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 27 Oct 2004 12:55:23 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc187.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From moilolarb@hotmail.com][Date Sun, 13 Jun 2004 23:53:47 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From moilolarb@hotmail.com][Date Sun, 13 Jun 2004 23:53:47 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Fri, 8 Oct 2004 17:50:29 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Fri, 8 Oct 2004 17:50:29 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Fri, 29 Oct 2004 13:50:43 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Fri, 29 Oct 2004 13:50:43 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From piccolo_clv@yahoo.fr][Date Tue, 29 Jun 2004 14:32:54 +0200]/UNNAMED/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From piccolo_clv@yahoo.fr][Date Tue, 29 Jun 2004 14:32:54 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From ay.96726375.161613.0@reply.ebay.com][Date Sat, 26 Jun 2004 21:43:13 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From ay.96726375.161613.0@reply.ebay.com][Date Sat, 26 Jun 2004 21:43:13 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From clickandopt@clickandopt.net][Date Tue, 22 Jun 2004 23:15:10 +0200]/UNNAMED/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From clickandopt@clickandopt.net][Date Tue, 22 Jun 2004 23:15:10 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Sun, 26 Sep 2004 20:19:29 +0200]/UNNAMED/document_word.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Sun, 26 Sep 2004 20:19:29 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 26 Sep 2004 17:12:38 +0200]/UNNAMED/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 26 Sep 2004 17:12:38 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Mon, 27 Sep 2004 19:12:11 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Mon, 27 Sep 2004 19:12:11 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Tue, 28 Sep 2004 15:46:36 +0200]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Tue, 28 Sep 2004 15:46:36 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 28 Sep 2004 18:41:25 +0200]/UNNAMED/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 28 Sep 2004 18:41:25 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 29 Sep 2004 20:13:16 +0200]/UNNAMED/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 29 Sep 2004 20:13:16 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 15:41:38 +0200]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 15:41:38 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 1 Oct 2004 19:33:06 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 1 Oct 2004 19:33:06 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 5 Oct 2004 22:14:22 +0200]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Tue, 5 Oct 2004 22:14:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 6 Oct 2004 19:11:13 +0200]/UNNAMED/all_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 6 Oct 2004 19:11:13 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 9 Oct 2004 12:23:44 +0200]/UNNAMED/mp3music.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 9 Oct 2004 12:23:44 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 10 Oct 2004 20:47:18 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 10 Oct 2004 20:47:18 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Mon, 11 Oct 2004 18:07:08 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Mon, 11 Oct 2004 18:07:08 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 12 Oct 2004 17:17:41 +0200]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 12 Oct 2004 17:17:41 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Wed, 13 Oct 2004 18:29:22 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Wed, 13 Oct 2004 18:29:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Fri, 15 Oct 2004 18:59:04 +0200]/UNNAMED/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Fri, 15 Oct 2004 18:59:04 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 16 Oct 2004 12:41:13 +0200]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 16 Oct 2004 12:41:13 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From piresanthony@hotmail.com][Date Sat, 16 Oct 2004 17:09:26 +0200]/UNNAMED/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From piresanthony@hotmail.com][Date Sat, 16 Oct 2004 17:09:26 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 17 Oct 2004 18:52:44 +0200]/UNNAMED/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 17 Oct 2004 18:52:44 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 673559a01c61197@www.cosmos.com.mx][Date Mon, 18 Oct 2004 19:10:50 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 673559a01c61197@www.cosmos.com.mx][Date Mon, 18 Oct 2004 19:10:50 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:07:35 +0200]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:07:35 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED/[From [84.97.27.29]]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:15:08 +0200]/message_part2.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED/[From [84.97.27.29]]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 416e20283@mailci.in.t-online.fr][Date Tue, 19 Oct 2004 19:27:39 +0200]/UNNAMED/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From 416e20283@mailci.in.t-online.fr][Date Tue, 19 Oct 2004 19:27:39 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 20 Oct 2004 19:55:54 +0200]/UNNAMED/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 20 Oct 2004 19:55:54 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Wed, 20 Oct 2004 21:27:09 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Wed, 20 Oct 2004 21:27:09 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Thu, 21 Oct 2004 17:38:27 +0200]/UNNAMED/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Thu, 21 Oct 2004 17:38:27 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From piresanthony@hotmail.com][Date Fri, 22 Oct 2004 17:41:41 +0200]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From piresanthony@hotmail.com][Date Fri, 22 Oct 2004 17:41:41 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 23 Oct 2004 12:04:28 +0200]/UNNAMED/message_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 23 Oct 2004 12:04:28 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Sun, 24 Oct 2004 15:01:52 +0200]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Sun, 24 Oct 2004 15:01:52 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Mon, 25 Oct 2004 12:29:02 +0200]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Mon, 25 Oct 2004 12:29:02 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Tue, 26 Oct 2004 12:47:34 +0200]/UNNAMED/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Tue, 26 Oct 2004 12:47:34 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 27 Oct 2004 12:55:23 +0200]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Wed, 27 Oct 2004 12:55:23 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From saphyrine@hotmail.com][Date Fri, 29 Oct 2004 18:12:57 +0200]/UNNAMED/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From saphyrine@hotmail.com][Date Fri, 29 Oct 2004 18:12:57 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED/[From [84.97.25.115]]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Fri, 29 Oct 2004 18:18:34 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED/[From [84.97.25.115]]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 30 Oct 2004 14:16:24 +0200]/UNNAMED/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 30 Oct 2004 14:16:24 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED/[From [84.97.23.104]]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Sun, 31 Oct 2004 16:27:39 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED/[From [84.97.23.104]]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Sun, 31 Oct 2004 10:23:31 -0500 (EST)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From postmaster@isp.9tel.net][Date Sun, 31 Oct 2004 16:26:10 +0100]/UNNAMED/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From postmaster@isp.9tel.net][Date Sun, 31 Oct 2004 16:26:10 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 1 Nov 2004 12:37:57 +0100]/UNNAMED/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Mon, 1 Nov 2004 12:37:57 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 2 Nov 2004 20:26:31 +0100]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Tue, 2 Nov 2004 20:26:31 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Sat, 6 Nov 2004 21:35:49 +0100]/UNNAMED/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Sat, 6 Nov 2004 21:35:49 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 7 Nov 2004 14:56:03 +0100]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sun, 7 Nov 2004 14:56:03 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Mon, 8 Nov 2004 21:29:01 +0100]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From skoorpio@yahoo.com][Date Mon, 8 Nov 2004 21:29:01 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Tue, 9 Nov 2004 18:00:37 +0100]/UNNAMED/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From manuel.piresivo@neuf.fr][Date Tue, 9 Nov 2004 18:00:37 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Wed, 10 Nov 2004 17:47:09 +0100]/UNNAMED/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From francesco.vasciarelli@wanadoo.fr][Date Wed, 10 Nov 2004 17:47:09 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Thu, 11 Nov 2004 12:26:45 +0100]/UNNAMED/document_full.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Thu, 11 Nov 2004 12:26:45 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Fri, 12 Nov 2004 19:33:01 +0100]/UNNAMED/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From franetunas@tele2.fr][Date Fri, 12 Nov 2004 19:33:01 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 12 Nov 2004 23:19:42 +0100]/UNNAMED/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Fri, 12 Nov 2004 23:19:42 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 13 Nov 2004 15:33:35 +0100]/UNNAMED/your_website.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx/[From jose.dasilva10@wanadoo.fr][Date Sat, 13 Nov 2004 15:33:35 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc2.dbx Mail MS Outlook 5: infecté - 119 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc20.eml/[From saphyrine@hotmail.com][Date Fri, 29 Oct 2004 18:12:57 +0200]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc20.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc21.eml/[From jose.dasilva10@wanadoo.fr][Date Sat, 16 Oct 2004 12:41:13 +0200]/your_archive.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc21.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc219.eml/[From "ivo manuel pires" <melton@club-internet.fr>][Date Sun, 20 Jun 2004 16:32:54 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc219.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc222.eml/[From "ivo manuel pires" <melton@club-internet.fr>][Date Sun, 20 Jun 2004 16:35:42 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc222.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc33.eml/[From jose.dasilva10@wanadoo.fr][Date Fri, 12 Nov 2004 23:19:42 +0100]/your_picture.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc33.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc38.eml/[From francesco.vasciarelli@wanadoo.fr][Date Mon, 11 Oct 2004 18:07:08 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc38.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc39.eml/[From 623e697595c0a802073f0@ismtp9.agf.fr][Date Wed, 16 Jun 2004 21:22:09 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc39.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc4.eml/[From franetunas@tele2.fr][Date Fri, 8 Oct 2004 17:50:29 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc4.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc40.eml/[From manuel.piresivo@neuf.fr][Date Tue, 9 Nov 2004 18:00:37 +0100]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc40.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc41.eml/[From skoorpio@yahoo.com][Date Thu, 30 Sep 2004 20:15:02 +0200]/document_excel.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc41.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc44.eml/[From 673559a01c61197@www.cosmos.com.mx][Date Mon, 18 Oct 2004 19:10:50 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc44.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc46.eml/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc46.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc5.eml/[From manuel.piresivo@neuf.fr][Date Wed, 13 Oct 2004 18:29:22 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc5.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc50.eml/[From moilolarb@hotmail.com][Date Sun, 13 Jun 2004 23:53:47 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc50.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc51.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sun, 26 Sep 2004 17:12:38 +0200]/your_bill.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc51.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc53.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 30 Oct 2004 14:16:24 +0200]/yours.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc53.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc56.eml/[From jose.dasilva10@wanadoo.fr][Date Thu, 11 Nov 2004 12:26:45 +0100]/document_full.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc56.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc57.eml/[From jose.dasilva10@wanadoo.fr][Date Sun, 10 Oct 2004 20:47:18 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc57.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc58.eml/[From [84.97.25.115]][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Fri, 29 Oct 2004 18:18:34 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc58.eml/[From [84.97.25.115]][Date Fri, 29 Oct 2004 12:14:20 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc58.eml Mail: infecté - 2 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc6.eml/[From manuel.piresivo@neuf.fr][Date Mon, 1 Nov 2004 12:37:57 +0100]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc6.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc65.eml/[From 416e20283@mailci.in.t-online.fr][Date Tue, 19 Oct 2004 19:27:39 +0200]/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc65.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc66.eml/[From jose.dasilva10@wanadoo.fr][Date Wed, 29 Sep 2004 20:13:16 +0200]/your_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc66.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc68.eml/[From jose.dasilva10@wanadoo.fr][Date Tue, 5 Oct 2004 22:14:22 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc68.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc70.eml/[From [84.97.27.29]][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED/[From manuel.piresivo@neuf.fr][Date Mon, 18 Oct 2004 20:15:08 +0200]/message_part2.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc70.eml/[From [84.97.27.29]][Date Mon, 18 Oct 2004 14:11:22 -0400 (EDT)]/UNNAMED Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc70.eml Mail: infecté - 2 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc71.eml/[From piresanthony@hotmail.com][Date Thu, 14 Oct 2004 17:20:13 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc71.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc77.eml/[From franetunas@tele2.fr][Date Tue, 28 Sep 2004 15:46:36 +0200]/your_letter.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc77.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc78.eml/[From francesco.vasciarelli@wanadoo.fr][Date Fri, 15 Oct 2004 18:59:04 +0200]/document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc78.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc79.eml/[From jose.dasilva10@wanadoo.fr][Date Tue, 28 Sep 2004 18:41:25 +0200]/your_file.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc79.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc81.eml/[From franetunas@tele2.fr][Date Mon, 25 Oct 2004 12:29:02 +0200]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc81.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc83.eml/[From francesco.vasciarelli@wanadoo.fr][Date Sat, 9 Oct 2004 12:23:44 +0200]/mp3music.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc83.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc94.eml/[From forever_latina@hotmail.com][Date Thu, 17 Jun 2004 11:13:11 +0200]/your_document.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc94.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc95.eml/[From manuel.piresivo@neuf.fr][Date Sat, 6 Nov 2004 21:35:49 +0100]/my_details.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc95.eml Mail: infecté - 1 ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc98.eml/[From skoorpio@yahoo.com][Date Thu, 21 Oct 2004 17:38:27 +0200]/document_4351.pif Infecté : Email-Worm.Win32.NetSky.d ignoré
    C:\RECYCLER\S-1-5-21-1451970963-2533054440-1655813789-1006\Dc98.eml Mail: infecté - 1 ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP5\A0000393.dll Infecté : Trojan.Win32.BHO.agz ignoré
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP5\A0000394.dll Infecté : Trojan.Win32.BHO.agz ignoré
    C:\System Volume Information\_restore{187A9D9F-594C-42B9-99AF-D93181EA7583}\RP5\change.log L'objet est verrouillé ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AppCert/wsil32.dll.vir Infecté : Trojan-Downloader.Win32.Agent.hbp ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-01-08_210532.29.zip/drmstore.dll Infecté : Trojan.Win32.BHO.agz ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-01-08_210532.29.zip Infecté : Trojan.Win32.BHO.agz ignoré
    C:\upload_moi_PCTEK.tar.gz/upload_moi.tar Infecté : Trojan.Win32.BHO.agz ignoré
    C:\upload_moi_PCTEK.tar.gz GZIP: infecté - 4 ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\EventCache\{C0AF2FB4-7F62-42F2-9C78-121B05B794FD}.bin L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.
    16 Janvier 2008 20:27:08

    bonsoir

    ça m'apprendra à oublier de te dire de vider la corbeille après le nettoyage. (toutes les détections sur C:\RECYCLER)
    Fais-le :) 

    ~Désactive puis réactive la restauration en suivant ce tuto:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
    Il faudra désactiver la restauration, redémarrer l'ordinateur et réactiver aussitôt la restauration.

    Supprime tous les programmes installés pour la désinfection.
    Tu peux garder AVG - antispyware qui est le meilleur antispyware du moment. Au bout de 30 jours, tu perdras le bouclier résident et les mises à jours automatiques. Mais tu pourras le garder et le passer régulièrement en faisant les mises à jours manuellement.

    ~Tu devrais également utiliser régulièrement Ccleaner. (au moins toutes les semaines):

    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    ~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS