Tom's Guide > Forum > Sécurité - Virus > [ Résolu ] Probleme avec un virus :S
[ Résolu ] Probleme avec un virus :S - Sécurité - Virus
TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Répondre
Mot :    Pseudo :           
 
watcha007   22-11-2007 à 18:43:48

Bonjour !

Bon j'ai quelques petits problemes avec un certain virus qui se nomme :

"VBS:Malware-gen"

Mon anti-virus "avast" le situe dans " C:\DOCUM~1\CYRILZ~1\LOCALS~1\Temp\1.reg"

Il me propose de le mettre en quarantaine ( ce que je fais puis je le suprime ) Mais a chaque redémarage du systeme, le virus y est toujours ....Je ne ne comprends pas ... :fou:

Donc si vous pouviez m'apporter un ptit peu d'aide ^^ se serait gentil à vous !!! ^^ merciiiiiiiiiiiiiiii ^^ :wahoo:

( Si vous avez besoin d'information demandez...)


Message édité par watcha007 le 27-11-2007 à 19:19:06
Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
chercheur_   23-11-2007 à 00:10:24
- 0 +

Bonjour


Télécharge HijackThis v2.0.2
http://www.trendsecure.com/portal/ [...] ckThis.exe
Démo en image
http://perso.orange.fr/rginformati [...] hijack.htm

Fais un scan et poste l'analyse ici.

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   23-11-2007 à 12:35:27
- 0 +

Oki ^^

Voila le scan :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:42, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\WinUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\progra~1\steam\steam.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\CYRILZ~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Cyril ze jibes king\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cu [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MS ConfigUpdate] msconfigl.exe
O4 - HKLM\..\Run: [Windows Updater] WinUpdater.exe
O4 - HKLM\..\RunServices: [MS ConfigUpdate] msconfigl.exe
O4 - HKLM\..\RunServices: [Windows Updater] WinUpdater.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453927 14
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Drivedrv] C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\Admin Program.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elbucho007.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11142 bytes

Répondre à watcha007
chercheur_   23-11-2007 à 12:55:05
- 0 +

Plusieurs infections.


$$ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com [...] /SDFix.exe


$$ Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.


$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer

Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche

Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec un nouveau HijackThis.

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   23-11-2007 à 15:20:35
- 0 +

Alors voila pour le rapport SDFix :


SDFix: Version 1.115

Run by Cyril ze jibes king on 23/11/2007 at 14:48

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 15:01:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b9f4a1]
"0016200dfa96"=hex:29,29,24,07,9a,25,27,3b,72,a2,6b,77,ef,9c,7e,24
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2c,2b,68,d7,67,58,af,20,23,2a,13,74,e3,72,c7,85,1d,38,d0,71,a2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:a1,b0,42,54,e7,6a,93,38,67,99,29,06,84,03,9d,f0,20,80,e7,89,61,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,d2,a5,de,31,07,cf,13,f8,c6,f0,8b,a4,83,8f,f5,a6,..
"khjeh"=hex:04,8f,4c,e6,67,98,5e,62,f6,8d,bd,c2,18,69,1d,5f,4a,a7,98,4f,77,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8a,31,0c,31,f4,db,1a,91,4f,fb,56,9d,c1,fd,a7,4d,59,6b,b9,f4,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e0,63,a0,23,da,4e,44,8b,cc,ea,25,9c,cc,8f,47,1d,e6,f7,af,e3,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:e0,63,a0,23,da,4e,44,8b,cc,ea,25,9c,cc,8f,47,1d,e6,f7,af,e3,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:e0,63,a0,23,da,4e,44,8b,cc,ea,25,9c,cc,8f,47,1d,e6,f7,af,e3,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b9f4a1]
"0016200dfa96"=hex:29,29,24,07,9a,25,27,3b,72,a2,6b,77,ef,9c,7e,24
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2c,2b,68,d7,67,58,af,20,23,2a,13,74,e3,72,c7,85,1d,38,d0,71,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:a1,b0,42,54,e7,6a,93,38,67,99,29,06,84,03,9d,f0,20,80,e7,89,61,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,d2,a5,de,31,07,cf,13,f8,c6,f0,8b,a4,83,8f,f5,a6,..
"khjeh"=hex:04,8f,4c,e6,67,98,5e,62,f6,8d,bd,c2,18,69,1d,5f,4a,a7,98,4f,77,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8a,31,0c,31,f4,db,1a,91,4f,fb,56,9d,c1,fd,a7,4d,59,6b,b9,f4,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e0,63,a0,23,da,4e,44,8b,cc,ea,25,9c,cc,8f,47,1d,e6,f7,af,e3,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:e0,63,a0,23,da,4e,44,8b,cc,ea,25,9c,cc,8f,47,1d,e6,f7,af,e3,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:e0,63,a0,23,da,4e,44,8b,cc,ea,25,9c,cc,8f,47,1d,e6,f7,af,e3,0f,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextDetectionTime"="2007-11-22 18:44:51"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{C2C8B065-18CE-4859-9890-CA8BC35E8CE4}.bin"

scanning hidden files ... (suite au prochain post )


Message édité par watcha007 le 23-11-2007 à 15:28:48
Répondre à watcha007
watcha007   23-11-2007 à 15:30:22
- 0 +

C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\29\476-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3029-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v476-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 40980 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\29\476-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3029-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v476-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4568 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\01\406-{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}-v1-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v406-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\01\456-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3001-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v456-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 32286 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\01\456-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3001-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v456-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3560 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\01\509-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v501-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v509-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 52734 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\01\509-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v501-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v509-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3576 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\01\509-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v501-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v509-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5840 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\02\444-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2902-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v444-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 32286 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\02\444-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2902-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v444-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3560 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\02\510-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v502-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v510-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 66198 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\02\510-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v502-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v510-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4548 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\02\510-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v502-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v510-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7408 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\03\517-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v503-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v517-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 110226 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\03\517-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v503-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v517-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 7896 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\03\517-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v503-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v517-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 12272 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\05\457-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3005-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v457-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12252 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\05\457-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3005-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v457-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1400 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\06\468-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3006-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v468-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 28740 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\06\468-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3006-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v468-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3240 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\06\507-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v506-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v507-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 108318 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\06\507-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v506-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v507-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 7428 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\06\507-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v506-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v507-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 12040 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\07\421-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v407-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v421-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 25122 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\07\421-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v407-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v421-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1866 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\07\421-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v407-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v421-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2752 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\07\446-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2907-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v446-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 48018 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\07\446-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2907-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v446-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5296 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\2934-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2908-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2934-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3864 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\422-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v408-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v422-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 51168 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\422-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v408-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v422-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3540 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\422-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v408-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v422-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5688 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\469-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3008-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v469-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 35364 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\469-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3008-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v469-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3944 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\521-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v508-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v521-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 49836 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\521-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v508-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v521-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3432 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\08\521-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v508-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v521-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5656 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\09\423-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v409-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v423-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 42636 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\09\423-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v409-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v423-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3108 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\09\423-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v409-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v423-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4768 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\10\424-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v410-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v424-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 45786 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\10\424-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v410-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v424-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3342 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\10\424-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v410-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v424-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5104 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\11\425-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v411-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v425-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 39054 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\11\425-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v411-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v425-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2874 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\11\425-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v411-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v425-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4360 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\11\522-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v511-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v522-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 56964 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\11\522-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v511-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v522-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3918 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\11\522-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v511-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v522-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6328 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\3127-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v512-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 119460 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\3127-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v512-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 8400 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\3127-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v512-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 13264 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\426-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v412-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v426-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 53058 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\426-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v412-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v426-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3792 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\426-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v412-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v426-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5864 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\447-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2912-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v447-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 34554 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\447-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2912-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v447-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3800 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\470-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3012-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v470-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 35112 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\12\470-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3012-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v470-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3928 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\13\427-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v413-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v427-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 54336 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\13\427-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v413-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v427-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3864 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\13\427-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v413-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v427-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6032 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\13\524-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v513-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v524-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 132690 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\13\524-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v513-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v524-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 9516 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\13\524-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v513-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v524-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 14808 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\14\428-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v414-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v428-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 61410 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\14\428-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v414-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v428-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4206 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\14\428-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v414-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v428-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6776 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\14\525-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v514-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v525-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38568 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\14\525-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v514-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v525-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2748 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\14\525-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v514-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v525-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4456 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\429-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v415-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v429-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38514 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\429-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v415-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v429-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2712 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\429-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v415-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v429-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4248 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\451-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2915-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v451-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 34230 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\451-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2915-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v451-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3792 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\471-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3015-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v471-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 39360 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\471-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3015-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v471-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4368 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\526-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v515-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v526-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 136812 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\526-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v515-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v526-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 9840 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\15\526-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v515-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v526-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 15312 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\430-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v416-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v430-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 43716 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\430-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v416-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v430-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3180 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\430-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v416-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v430-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4888 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\448-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2916-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v448-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 41376 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\448-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2916-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v448-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4520 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\472-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3016-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v472-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18876 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\16\472-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3016-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v472-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2096 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\17\431-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v417-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v431-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 46092 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\17\431-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v417-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v431-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3270 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\17\431-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v417-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v431-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5080 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\18\432-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v418-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v432-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 48342 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\18\432-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v418-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v432-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3306 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\18\432-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v418-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v432-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5456 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\18\527-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v518-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v527-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 107274 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\18\527-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v518-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v527-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 7536 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\18\527-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v518-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v527-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 11968 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\433-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v419-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v433-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 70230 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\433-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v419-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v433-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 5016 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\433-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v419-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v433-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7752 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\449-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2919-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v449-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 32034 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\449-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2919-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v449-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3632 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\473-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3019-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v473-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 30288 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\473-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3019-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v473-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3384 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\528-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v519-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v528-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 98868 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\528-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v519-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v528-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 6924 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\19\528-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v519-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v528-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 10872 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\20\434-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v420-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v434-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 58350 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\20\434-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v420-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v434-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4224 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\20\434-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v420-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v434-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6424 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\20\529-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v520-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v529-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 43878 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\20\529-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v520-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v529-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3396 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\20\529-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v520-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v529-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4928 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\23\474-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3023-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v474-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38928 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\23\474-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3023-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v474-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4296 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\26\454-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2926-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v454-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38694 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\26\454-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2926-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v454-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2892 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\26\454-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2926-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v454-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4336 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\27\453-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2927-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v453-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 26274 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\27\453-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2927-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v453-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2046 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\27\453-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2927-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v453-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2880 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\27\475-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3027-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v475-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 50520 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\27\475-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3027-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v475-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5592 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\31\478-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3031-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v478-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 52950 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\31\478-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3031-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v478-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5872 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\32\2933-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2932-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v2933-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\33\3034-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3033-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3034-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\35\439-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v435-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v439-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 339564 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\35\439-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v435-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v439-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 38240 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\36\440-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v436-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v440-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1938 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\36\440-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v436-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v440-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 216 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\37\441-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v437-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v441-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2028 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\37\441-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v437-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v441-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 232 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\38\438-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v438-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v438-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1650 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\38\438-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v438-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v438-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\48\492-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3048-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v492-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14538 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\48\492-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3048-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v492-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1584 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\55\530-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3055-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v530-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 34482 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\55\530-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3055-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v530-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3840 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\57\532-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3057-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v532-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 26184 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\57\532-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3057-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v532-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2928 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\61\535-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3061-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v535-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 47640 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\61\535-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3061-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v535-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5224 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\64\537-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3064-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v537-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 35040 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\64\537-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3064-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v537-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3928 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\65\541-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3065-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v541-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 36588 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\65\541-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3065-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v541-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4128 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\68\538-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3068-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v538-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 33870 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\68\538-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3068-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v538-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3760 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\70\3098-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3070-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3098-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4640 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\70\543-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3070-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v543-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 40908 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\70\543-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3070-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v543-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4640 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\73\542-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3073-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v542-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 35274 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\73\542-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3073-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v542-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3952 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\75\544-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3075-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v544-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 30918 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\75\544-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3075-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v544-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3408 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\79\545-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3079-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v545-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 41430 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\79\545-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3079-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v545-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4600 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\82\547-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3082-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v547-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 83226 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\82\547-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3082-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v547-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 9240 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\84\549-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3084-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v549-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38424 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\84\549-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3084-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v549-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6664 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\91\3093-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3091-{D9A3B112-FBB0-42A1-BB6E-3B3E97FEB67B}-v3093-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C97DF}\93\498-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v493-{22975B81-22AA-4622-BAB8-E0D88E1BB999}-v498-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 66450 bytes hidden from API
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\aduprezxiii@hotmail.com\DFSR\Staging\CS{F604C7AF-1CF5-546B-C6EB-04DCCB2C

Répondre à watcha007
watcha007   23-11-2007 à 15:32:07
- 0 +

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 20 Dec 2005 1,152 A.SH. --- "C:\zl1fao30.sys"
Wed 17 Oct 2007 56 ..SHR --- "C:\WINDOWS\system32\B16874DAF1.sys"
Sun 3 Jun 2007 88 ..SHR --- "C:\WINDOWS\system32\F1DA7468B1.sys"
Wed 17 Oct 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 13 Jun 2007 1,540,096 ..SHR --- "C:\WINDOWS\system32\msconfigl.exe"
Wed 13 Jun 2007 568,832 ..SHR --- "C:\WINDOWS\system32\WinUpdater.exe"
Sat 29 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 17 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Sat 29 Jul 2006 4,348 ...H. --- "C:\Documents and Settings\Cyril ze jibes king\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 21 Oct 2006 20 A..H. --- "C:\Documents and Settings\Cyril ze jibes king\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 7 Sep 2006 9,722 A.SH. --- "C:\Documents and Settings\Cyril ze jibes king\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!


Message édité par watcha007 le 23-11-2007 à 15:38:21
Répondre à watcha007
watcha007   23-11-2007 à 15:43:39
- 0 +

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:57, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\progra~1\steam\steam.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cyril ze jibes king\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cu [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MS ConfigUpdate] msconfigl.exe
O4 - HKLM\..\RunServices: [MS ConfigUpdate] msconfigl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453927 14
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Drivedrv] C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\Admin Program.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elbucho007.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10751 bytes

Répondre à watcha007
chercheur_   23-11-2007 à 17:30:17
- 0 +

On continue.


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Télécharge LopxpMH sur ton Bureau.
http://www.alt-shift-return.org/In [...] pxpMH2.zip
Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.
Poste le contenu du rapport qui va s'ouvrir.
Fais aussi ceci.

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   23-11-2007 à 18:58:00
- 0 +

ComboFix 07-11-19.3 - Cyril ze jibes king 2007-11-23 18:41:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.236 [GMT 1:00]
Running from: C:\Documents and Settings\Cyril ze jibes king\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Cyril ze jibes king\Application Data\HbTools_Icons
C:\Documents and Settings\Cyril ze jibes king\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\Cyril ze jibes king\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\Cyril ze jibes king\Application Data\inst.exe
C:\Documents and Settings\Cyril ze jibes king\Application Data\macromedia\Flash Player\#SharedObjects\H7C6VD2C\iforex.com
C:\Documents and Settings\Cyril ze jibes king\Application Data\macromedia\Flash Player\#SharedObjects\H7C6VD2C\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Cyril ze jibes king\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Cyril ze jibes king\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Cyril ze jibes king\Application Data\WinAntiVirus Pro 2006
C:\Program Files\Hotbar
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\vspf
-------\vspf_hk


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))

2007-11-22 19:39 <REP> d-------- C:\Program Files\DAEMON Tools
2007-11-22 19:39 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-22 17:34 <REP> d-------- C:\Program Files\Save
2007-11-22 17:34 <REP> d-------- C:\Program Files\Fichiers communs\WhenU
2007-11-22 17:34 <REP> d-------- C:\Documents and Settings\Cyril ze jibes king\Application Data\WhenU
2007-11-21 20:25 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-19 20:11 <REP> d-------- C:\Program Files\Windows Live
2007-11-19 20:11 <REP> d-------- C:\Program Files\Adverts
2007-11-19 20:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-19 13:30 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-11-18 21:00 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-11 16:05 <REP> d-------- C:\Documents and Settings\Cyril ze jibes king\Application Data\Dev-Cpp
2007-11-08 20:09 357 --a------ C:\Documents and Settings\Cyril ze jibes king\.cb_layout.bin
2007-11-08 19:29 <REP> d-------- C:\Documents and Settings\Cyril ze jibes king\.CodeBlocks
2007-11-07 14:54 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-04 19:38 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2007-11-04 19:38 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2007-11-02 15:08 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-01 21:21 <REP> d-------- C:\Program Files\Digilex
2007-11-01 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2007-10-27 22:38 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-10-27 22:35 <REP> d-------- C:\Program Files\World of Warcraft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2007-11-23 17:49 --------- d-----w C:\Program Files\Wanadoo
2007-11-23 17:49 --------- d-----w C:\Program Files\Steam
2007-11-23 17:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-23 11:28 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\vmntoolbar
2007-11-22 17:19 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-22 05:55 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\BitTorrent
2007-11-21 19:20 --------- d-----w C:\Program Files\Electronic Arts
2007-11-21 14:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-18 00:22 --------- d-----w C:\Program Files\Apple Software Update
2007-11-08 19:09 357 ----a-w C:\Documents and Settings\Cyril ze jibes king\.cb_layout.bin
2007-11-07 14:41 716,916 ----a-w C:\WINDOWS\pic01.exe
2007-11-07 14:09 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\mathtraydog
2007-11-07 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HoleBalmDefaultFor
2007-11-02 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-01 19:57 --------- d-----w C:\Program Files\CyberLink
2007-11-01 19:56 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-01 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-28 11:36 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\Vso
2007-10-28 10:49 --------- d-----w C:\Program Files\DivX
2007-10-21 07:40 87,608 ----a-w C:\Documents and Settings\Cyril ze jibes king\Application Data\ezpinst.exe
2007-10-21 07:40 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-21 07:40 47,360 ----a-w C:\Documents and Settings\Cyril ze jibes king\Application Data\pcouffin.sys
2007-10-21 07:40 --------- d-----w C:\Program Files\vso
2007-10-21 06:50 --------- d-----w C:\Program Files\Google
2007-10-20 20:53 --------- d-----w C:\Program Files\NCH Software
2007-10-20 20:11 --------- d-----w C:\Program Files\NCH Swift Sound
2007-10-20 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2007-10-20 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-20 20:08 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\NCH Swift Sound
2007-10-20 20:07 --------- d-----w C:\Program Files\Micro Application
2007-10-17 12:14 --------- d-----w C:\Program Files\Java
2007-10-15 17:16 --------- d-----w C:\Program Files\Notepad++
2007-10-15 17:16 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\Notepad++
2007-10-11 19:03 --------- d-----w C:\Program Files\BitTorrent
2007-10-10 15:00 --------- d-----w C:\Program Files\MultiProxy
2007-09-22 16:42 2,968 ----a-w C:\Documents and Settings\Cyril ze jibes king\Application Data\wklnhst.dat
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-06-03 12:27 88 --sh--r C:\WINDOWS\system32\F1DA7468B1.sys
2007-06-13 13:10 1,540,096 --sh--r C:\WINDOWS\system32\msconfigl.exe
2007-06-13 13:10 568,832 --sh--r C:\WINDOWS\system32\WinUpdater.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 16:10]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 10:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07]
"Drivedrv"="C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\Admin Program.exe" []
"Steam"="c:\progra~1\steam\steam.exe" [2007-11-15 14:39]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 16:51 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 15:35 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 16:13]
"avast!"="C:\PROGRA~1\Avast\ashDisp.exe" [2007-09-06 11:06]
"EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-19 04:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
"MS ConfigUpdate"="msconfigl.exe" [2007-06-13 14:10 C:\WINDOWS\system32\msconfigl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MS ConfigUpdate"="msconfigl.exe" [2007-06-13 14:10 C:\WINDOWS\system32\msconfigl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S3 734d94b3-b358-40dc-b28a-a4bd3a3d8d83;734d94b3-b358-40dc-b28a-a4bd3a3d8d83;\??\D:\Player\cds300.dll
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-17 19:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-02 15:03:05 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 18:49:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 18:50:57 - machine was rebooted
.
--- E O F ---

rapport scan HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:44, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\progra~1\steam\steam.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Cyril ze jibes king\Bureau\HiJackThis.exe
C:\Program Files\Avast\setup\avast.setup
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cu [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MS ConfigUpdate] msconfigl.exe
O4 - HKLM\..\RunServices: [MS ConfigUpdate] msconfigl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453927 14
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Drivedrv] C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\Admin Program.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elbucho007.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10808 bytes

Répondre à watcha007
watcha007   23-11-2007 à 19:03:10
- 0 +

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:44, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\progra~1\steam\steam.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Cyril ze jibes king\Bureau\HiJackThis.exe
C:\Program Files\Avast\setup\avast.setup
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cu [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MS ConfigUpdate] msconfigl.exe
O4 - HKLM\..\RunServices: [MS ConfigUpdate] msconfigl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453927 14
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Drivedrv] C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\Admin Program.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elbucho007.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10808 bytes


rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:21, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\progra~1\steam\steam.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cyril ze jibes king\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cu [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MS ConfigUpdate] msconfigl.exe
O4 - HKLM\..\RunServices: [MS ConfigUpdate] msconfigl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453927 14
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Drivedrv] C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\Admin Program.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elbucho007.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10636 bytes


Répondre à watcha007
chercheur_   23-11-2007 à 22:26:27
- 0 +

Re


Copie (Ctrl+C) le texte ci-dessous :

File::
C:\WINDOWS\system32\F1DA7468B1.sys
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\WinUpdater.exe

Folder::
C:\Program Files\Save
C:\Program Files\Fichiers communs\WhenU
C:\Documents and Settings\Cyril ze jibes king\Application Data\WhenU
C:\Program Files\Adverts
C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Drivedrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MS ConfigUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MS ConfigUpdate"=-

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu avec un nouveau Hijackthis.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   24-11-2007 à 13:49:35
- 0 +

ComboFix 07-11-19.3 - Cyril ze jibes king 2007-11-24 6:25:54.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.247 [GMT 1:00]
Running from: C:\Documents and Settings\Cyril ze jibes king\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cyril ze jibes king\Mes documents\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\F1DA7468B1.sys
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\WinUpdater.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1
C:\DOCUME~1\CYRILZ~1\APPLIC~1\MATHTR~1\41BC97BD
C:\Documents and Settings\Cyril ze jibes king\Application Data\WhenU
C:\Documents and Settings\Cyril ze jibes king\Application Data\WhenU\dtStore.dat
C:\Program Files\Adverts
C:\Program Files\Fichiers communs\WhenU
C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
C:\Program Files\Save
C:\Program Files\Save\ffext.mod
C:\Program Files\Save\save.db
C:\Program Files\Save\save.htm
C:\WINDOWS\system32\F1DA7468B1.sys
C:\WINDOWS\system32\msconfigl.exe
C:\WINDOWS\system32\WinUpdater.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
.

2007-11-22 19:39 <REP> d-------- C:\Program Files\DAEMON Tools
2007-11-22 19:39 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-21 20:25 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-19 20:11 <REP> d-------- C:\Program Files\Windows Live
2007-11-19 20:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-19 13:30 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-11-18 21:00 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-11 16:05 <REP> d-------- C:\Documents and Settings\Cyril ze jibes king\Application Data\Dev-Cpp
2007-11-08 20:09 357 --a------ C:\Documents and Settings\Cyril ze jibes king\.cb_layout.bin
2007-11-08 19:29 <REP> d-------- C:\Documents and Settings\Cyril ze jibes king\.CodeBlocks
2007-11-07 14:54 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-04 19:38 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2007-11-04 19:38 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2007-11-02 15:08 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-01 21:21 <REP> d-------- C:\Program Files\Digilex
2007-11-01 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2007-10-27 22:38 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-10-27 22:35 <REP> d-------- C:\Program Files\World of Warcraft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 05:32 --------- d-----w C:\Program Files\Wanadoo
2007-11-24 05:32 --------- d-----w C:\Program Files\Steam
2007-11-23 20:01 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\vmntoolbar
2007-11-23 17:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-22 17:19 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-22 05:55 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\BitTorrent
2007-11-21 19:20 --------- d-----w C:\Program Files\Electronic Arts
2007-11-21 14:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-18 00:22 --------- d-----w C:\Program Files\Apple Software Update
2007-11-08 19:09 357 ----a-w C:\Documents and Settings\Cyril ze jibes king\.cb_layout.bin
2007-11-07 14:41 716,916 ----a-w C:\WINDOWS\pic01.exe
2007-11-07 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HoleBalmDefaultFor
2007-11-02 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-01 19:57 --------- d-----w C:\Program Files\CyberLink
2007-11-01 19:56 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-01 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-28 11:36 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\Vso
2007-10-28 10:49 --------- d-----w C:\Program Files\DivX
2007-10-21 07:40 87,608 ----a-w C:\Documents and Settings\Cyril ze jibes king\Application Data\ezpinst.exe
2007-10-21 07:40 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-21 07:40 47,360 ----a-w C:\Documents and Settings\Cyril ze jibes king\Application Data\pcouffin.sys
2007-10-21 07:40 --------- d-----w C:\Program Files\vso
2007-10-21 06:50 --------- d-----w C:\Program Files\Google
2007-10-20 20:53 --------- d-----w C:\Program Files\NCH Software
2007-10-20 20:11 --------- d-----w C:\Program Files\NCH Swift Sound
2007-10-20 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2007-10-20 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-20 20:08 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\NCH Swift Sound
2007-10-20 20:07 --------- d-----w C:\Program Files\Micro Application
2007-10-17 12:14 --------- d-----w C:\Program Files\Java
2007-10-15 17:16 --------- d-----w C:\Program Files\Notepad++
2007-10-15 17:16 --------- d-----w C:\Documents and Settings\Cyril ze jibes king\Application Data\Notepad++
2007-10-11 19:03 --------- d-----w C:\Program Files\BitTorrent
2007-10-10 15:00 --------- d-----w C:\Program Files\MultiProxy
2007-09-22 16:42 2,968 ----a-w C:\Documents and Settings\Cyril ze jibes king\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-23_18.50.31.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-24 05:31:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 16:10]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 10:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07]
"Steam"="c:\progra~1\steam\steam.exe" [2007-11-15 14:39]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 16:51 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 15:35 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 16:13]
"avast!"="C:\PROGRA~1\Avast\ashDisp.exe" [2007-09-06 11:06]
"EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-19 04:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S3 734d94b3-b358-40dc-b28a-a4bd3a3d8d83;734d94b3-b358-40dc-b28a-a4bd3a3d8d83;\??\D:\Player\cds300.dll
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-17 19:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-02 15:03:05 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 06:31:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 6:33:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-23 18:50
.
--- E O F ---


rapport hijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:24, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\progra~1\steam\steam.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cyril ze jibes king\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cu [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453927 14
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elbucho007.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10491 bytes

Répondre à watcha007
chercheur_   24-11-2007 à 20:43:44
- 0 +

Re

Plus de signe d'infection dans ces apports.


Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

Aide toi de ce lien.
http://www.infos-du-net.com/forum/ [...] -kaspersky

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   25-11-2007 à 07:57:18
- 0 +

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 25, 2007 7:56:34 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 24/11/2007
Enregistrements dans la base antivirus Kaspersky : 436036
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Statistiques de l'analyse:
Total d'objets analysés: 94654
Nombre de virus trouvés: 5
Nombre d'objets infectés: 16 / 0
Nombre d'objets suspects: 2
Durée de l'analyse: 03:32:02

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\BitTorrent\bittorrent.log L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\BitTorrent\incomplete\4f90fffa-6909\Resident.Evil.Extinction.2007.French.TS.DivX-LTT.avi L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\BitTorrent\incomplete\72d47922-592a L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\Working\database_B834_B773_34B7_336C\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\Working\database_B834_B773_34B7_336C\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\Working\database_B834_B773_34B7_336C\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Messenger\elbucho007@hotmail.fr\SharingMetadata\Working\database_B834_B773_34B7_336C\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Windows Live Contacts\elbucho007@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Microsoft\Windows Live Contacts\elbucho007@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Application Data\Mozilla\Firefox\Profiles\rgrxq8i4.default\XUL.mfl L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Historique\History.IE5\MSHist012007112420071125\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temp\~DF3E2D.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temp\~DFF5BC.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temp\~DFF5CA.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temp\~DFFFDA.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temp\~DFFFEC.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\BitTorrent Downloads\BlazingTools.Perfect.Keylogger.v1.6.6.1.WinAll.Incl.KeyGen-NeoX\neox.rar/keygen.exe Suspect : Packed.Win32.CryptExe ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\BitTorrent Downloads\BlazingTools.Perfect.Keylogger.v1.6.6.1.WinAll.Incl.KeyGen-NeoX\neox.rar RAR: suspect - 1 ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip/john-16/run/john.exe Infecté : HackTool.Win32.John ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip/john-16/run/john-k6.zip/john.exe Infecté : HackTool.Win32.John ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip/john-16/run/john-k6.zip Infecté : HackTool.Win32.John ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip/john-16/run/john-mmx.zip/john.exe Infecté : HackTool.Win32.John ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip/john-16/run/john-mmx.zip Infecté : HackTool.Win32.John ignoré
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip ZIP: infecté - 5 ignoré
C:\Documents and Settings\Cyril ze jibes king\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Cyril ze jibes king\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Avast\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Avast\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Avast\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Avast\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Avast\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Avast\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\L0000002.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Cyril ze jibes king\Data\storydb.idx L'objet est verrouillé ignoré
C:\Program Files\Steam\Steam.log L'objet est verrouillé ignoré
C:\Program Files\Steam\SteamApps\winui.gcf L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP296\A0066241.exe Infecté : Trojan.Win32.Obfuscated.en ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP296\A0066264.exe/pic01.exe Infecté : Backdoor.Win32.SdBot.cie ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP296\A0066264.exe ZIP: infecté - 1 ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP306\A0073916.exe Infecté : Backdoor.Win32.SdBot.cie ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP317\A0075000.exe Infecté : Trojan.Win32.Agent.cui ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP317\A0075009.exe Infecté : Backdoor.Win32.SdBot.cie ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP317\A0075020.exe Infecté : Backdoor.Win32.SdBot.cie ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP317\A0075021.exe Infecté : Trojan.Win32.Agent.cui ignoré
C:\System Volume Information\_restore{C3D36E4A-511B-4767-B408-394DFFCF9315}\RP329\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\pic01.exe/pic01.exe Infecté : Backdoor.Win32.SdBot.cie ignoré
C:\WINDOWS\pic01.exe ZIP: infecté - 1 ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\dtscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_69c.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.

Répondre à watcha007
chercheur_   25-11-2007 à 23:15:48
- 0 +

Bonjour


Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] MoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Documents and Settings\Cyril ze jibes king\Mes documents\BitTorrent Downloads\BlazingTools.Perfect.Keylogger.v1.6.6.1.WinAll.Incl.KeyGen-NeoX\neox.rar
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip
C:\WINDOWS\pic01.exe

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.


Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   26-11-2007 à 12:42:20
- 0 +

Alors voila le rapport :

C:\Documents and Settings\Cyril ze jibes king\Mes documents\BitTorrent Downloads\BlazingTools.Perfect.Keylogger.v1.6.6.1.WinAll.Incl.KeyGen-NeoX\neox.rar moved successfully.
C:\Documents and Settings\Cyril ze jibes king\Mes documents\john-16w.zip moved successfully.
C:\WINDOWS\pic01.exe moved successfully.

Created on 11/26/2007 12:37:27


On en est où du nettoyage ? cette supression annonce t-elle la fin de mes problèmes ? A vrai dire je ne savais que j'en avais autant sur le pc

Message cité 1 fois
Répondre à watcha007
chercheur_   26-11-2007 à 22:37:43
- 0 +

Bonjur

watcha007 a écrit :

On en est où du nettoyage ? cette supression annonce t-elle la fin de mes problèmes ? A vrai dire je ne savais que j'en avais autant sur le pc


Les joies du PeerToPeer ....


As tu encore des dysfonctionnements ?

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   27-11-2007 à 16:55:00
- 0 +

bé depuis avant hier en fait sur msn , je remarque que quand une personne se connecte en hors ligne automatiquement celle ci essaye de partager des dossier avec moi alors qu'elle n'en ait pas consciente " je n'ai pas accepté ces dossiers car j'ai vérifié d'abord auprès de la personne qui a "tenté" de me les envoyer". Celle ci me dit qu'elle ne m'a rien envoyé .

Je me suis d'abord dis que c'est cette personne qui a un probleme avec son msn, mais une autre personne ( affichée hor ligne ) essaye aussi de partager des dossier avec moi et elle non plus n'a pas conscience de ses partages qu'elle veut effectuer avec moi.

Je ne sais pas si c'est eux qui ont un problème ( mais il me parait un peu louche que se soit ça car ses personnes ne se connaissent pas et je suis certain de ça.) . C'est assez marrant car, ils ne savent pas comment je fais pour voir qu'ils sont en ligne, mais il peut peut etre avoir un effet secondaire si cela vient effectivement de mon pc ^^ ( donc je ne veux pas prendre de risques..^^ )

Voila mais après je ne vois aucun problèmes

Merci pour ton aide !!!

Répondre à watcha007
chercheur_   27-11-2007 à 18:14:49
- 0 +

Bonjour


Il y a une infection MSN qui circule en ce moment.
Cela envoie des fichiers infectieux automatiquement.

On vérifie.


Télécharge MSNFix.zip (de !aur3n7) sur le Bureau
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire ici) et double clique sur le fichier MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, exécute l'option N.

Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
Poste le.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   27-11-2007 à 19:04:15
- 0 +

MSNFix 1.592

C:\Documents and Settings\Cyril ze jibes king\Bureau\MSNFix
Fix exécuté le 27/11/2007 - 18:59:03,96 By Cyril ze jibes king
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\




************************ Suppression des fichiers



************************ Suppression des dossiers

.. OK ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 27112007_19014014.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


( Ce n'est pas moi qui envoi ces fichier car mes contacts ne reçoivent rien , mais bien eux qui essaye e partager des fichier avec moi sans qu'ils le savent...)

Répondre à watcha007
chercheur_   27-11-2007 à 19:11:50
- 0 +

Oui, mais une vérification est utile.
Rien d'infectieux.

Je te conseille de prévenir tes correspondants qu'ils sont infecté.

Et donne leur la manip avec MSNFix.

Et s'ils hésitent, qu'ils postent sur le forum ;)


Encore deux choses.

Va sur ce lien pour mieux sécuriser ton PC
http://www.infos-du-net.com/forum/ [...] ordinateur

Edite ton premier message et ajoute Résolu à côté de ton titre.

------------------------------ Le meilleur antivirus, c'est vous
Vous avez un problème ? Créez votre propre post !
 Répondre à chercheur_
watcha007   27-11-2007 à 19:17:30
- 0 +

OKI , encore merci pour ton aide elle m'aura été sacrément utile meme indispensable :)

Répondre à watcha007
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > [ Résolu ] Probleme avec un virus :S
Aller à :

Il y a 2196 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,460 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens