Prob log hijackthis

Fermé

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007 - 27 nov. 2007 à 18:13
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 - 30 nov. 2007 à 19:29

Bonjour,
voici le log que me donne hijackthis si quelqu'un pourai m'expliquer comment faire ? merci

Logfile of HijackThis v1.99.1
Scan saved at 17:49:07, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\mcrsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\WINDOWS\mrofinu2000201.exe
C:\Program Files\Outlook Express\hocypexop77798.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Documents and Settings\serge\Application Data\Microsoft\Windows\tlvsqhn.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\DAEMON Tools\daemon.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/hbt.php?rewrite=intl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\nnnolmm.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D75DEAB1-FA6B-4154-904A-07CAAA23F3E7} - C:\WINDOWS\system32\jkkhe.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logical Disk Browser] mcrsvc.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SE5.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000201.exe 61A847B5BBF72810329B385472F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [hocypexop] C:\Program Files\Outlook Express\hocypexop77798.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\serge\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\serge\Application Data\Microsoft\Windows\tlvsqhn.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A29A4-CABC-421C-8811-536B494DDA77}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F566428E-ED78-4051-A041-14A9718A6671}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: nnnolmm - C:\WINDOWS\SYSTEM32\nnnolmm.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

A voir également:

Prob log hijackthis
Hijackthis windows 10 - Télécharger - Antivirus & Antimalwares
View rescue log - Guide
Log base 2 calculatrice casio - Forum Windows
0.log miui - Forum Logiciels
Bootex log - Forum Windows

36 réponses

Réponse 21 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 01:07

ok voila le compte rendu de OTMOVEit

DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtstss.dll
C:\WINDOWS\system32\awtstss.dll NOT unregistered.
C:\WINDOWS\system32\awtstss.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxyxyy.dll
C:\WINDOWS\system32\byxyxyy.dll NOT unregistered.
C:\WINDOWS\system32\byxyxyy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbxvuvu.dll
C:\WINDOWS\system32\cbxvuvu.dll NOT unregistered.
C:\WINDOWS\system32\cbxvuvu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbxyywv.dll
C:\WINDOWS\system32\cbxyywv.dll NOT unregistered.
C:\WINDOWS\system32\cbxyywv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcyxwv.dll
C:\WINDOWS\system32\efcyxwv.dll NOT unregistered.
C:\WINDOWS\system32\efcyxwv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccdddc.dll
C:\WINDOWS\system32\fccdddc.dll NOT unregistered.
C:\WINDOWS\system32\fccdddc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebbywx.dll
C:\WINDOWS\system32\gebbywx.dll NOT unregistered.
C:\WINDOWS\system32\gebbywx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebbyxv.dll
C:\WINDOWS\system32\gebbyxv.dll NOT unregistered.
C:\WINDOWS\system32\gebbyxv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebxxyw.dll
C:\WINDOWS\system32\gebxxyw.dll NOT unregistered.
C:\WINDOWS\system32\gebxxyw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hggfeee.dll
C:\WINDOWS\system32\hggfeee.dll NOT unregistered.
C:\WINDOWS\system32\hggfeee.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfdbxy.dll
C:\WINDOWS\system32\khfdbxy.dll NOT unregistered.
C:\WINDOWS\system32\khfdbxy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnnmmn.dll
C:\WINDOWS\system32\nnnnmmn.dll NOT unregistered.
C:\WINDOWS\system32\nnnnmmn.dll moved successfully.
C:\WINDOWS\system32\nnnolmm.dll.vir moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnolmn.dll
C:\WINDOWS\system32\opnolmn.dll NOT unregistered.
C:\WINDOWS\system32\opnolmn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnklkk.dll
C:\WINDOWS\system32\pmnklkk.dll NOT unregistered.
C:\WINDOWS\system32\pmnklkk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnkhg.dll
C:\WINDOWS\system32\pmnnkhg.dll NOT unregistered.
C:\WINDOWS\system32\pmnnkhg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qomlmll.dll
C:\WINDOWS\system32\qomlmll.dll NOT unregistered.
C:\WINDOWS\system32\qomlmll.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqrpml.dll
C:\WINDOWS\system32\ssqrpml.dll NOT unregistered.
C:\WINDOWS\system32\ssqrpml.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvwurq.dll
C:\WINDOWS\system32\tuvwurq.dll NOT unregistered.
C:\WINDOWS\system32\tuvwurq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqqnnm.dll
C:\WINDOWS\system32\urqqnnm.dll NOT unregistered.
C:\WINDOWS\system32\urqqnnm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyxvwu.dll
C:\WINDOWS\system32\xxyxvwu.dll NOT unregistered.
C:\WINDOWS\system32\xxyxvwu.dll moved successfully.

Created on 11/29/2007 01:04:04

Réponse 22 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 03:48

et pour finir voila le log SAS

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 11/29/2007 at 03:06 AM

Application Version : 3.9.1008

Core Rules Database Version : 3351
Trace Rules Database Version: 1350

Scan type : Complete Scan
Total Scan Time : 01:45:53

Memory items scanned : 358
Memory threats detected : 0
Registry items scanned : 3513
Registry threats detected : 8
File items scanned : 26926
File threats detected : 42

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{58073977-6870-4D68-A355-845B00A8998A}
HKCR\CLSID\{58073977-6870-4D68-A355-845B00A8998A}
HKCR\CLSID\{58073977-6870-4D68-A355-845B00A8998A}\InprocServer32
HKCR\CLSID\{58073977-6870-4D68-A355-845B00A8998A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKKHE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58073977-6870-4D68-A355-845B00A8998A}

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{162C6BC2-E852-4D45-B139-E8A6737F1054}
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\SSQRPML.DLL

Adware.Tracking Cookie
C:\Documents and Settings\serge\Cookies\serge@track.effiliation[1].txt
C:\Documents and Settings\serge\Cookies\serge@smartadserver[1].txt
C:\Documents and Settings\serge\Cookies\serge@doubleclick[1].txt
C:\Documents and Settings\serge\Cookies\serge@xiti[1].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP108\A0020673.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP108\A0020674.EXE

Adware.Mirar/NetNucleus
C:\WINDOWS\Downloaded Program Files\WinATS.inf
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022178.DLL

Trojan.Downloader-Gen/WinAble-Installer
C:\PROGRAM FILES\NESTOPIA\TEMPORARY\WININSTALL.EXE

Trojan.Net-Winable
C:\PROGRAM FILES\NESTOPIA\WINABLE\WINABLE.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP108\A0019487.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP108\A0020675.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022103.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022110.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022130.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022132.EXE

Adware.ClickSpring-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP108\A0020669.EXE

Trojan.Downloader-Gen/FakeAlert-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP109\A0022065.EXE

Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022167.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\AWTSTSS.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\BYXYXYY.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\CBXVUVU.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\CBXYYWV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\EFCYXWV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\FCCDDDC.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBBYWX.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBBYXV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBXXYW.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\HGGFEEE.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\KHFDBXY.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\NNNNMMN.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\OPNOLMN.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\PMNKLKK.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\PMNNKHG.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\QOMLMLL.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\TUVWURQ.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\URQQNNM.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\XXYXVWU.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C29C1795-0C0F-4BD8-94E1-E21B7E844323}\RP110\A0022185.DLL

Adware.RAC
C:\WINDOWS\ACDT-PID70.EXE

a demain bonne nuit !

Réponse 23 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 nov. 2007 à 10:44

Bonjour,

on a du bien avancer

Un nouveau rapport Hijackthis et un nouveau Combofix.

Comment va l'ordi ?

Réponse 24 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 15:08

bonjour, oui sa va déja mieu il rame encore un peu mais je pense que sa doit étre a cause de mon antivirus mc affee de 2005 je crois et il n'arrive a se procurer les mises a jour nécessair pour virus scan .
sinon je ne vois pas pour le combofix et voila pr le rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15:05:54, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McDash.exe
C:\PROGRA~1\mcafee.com\shared\mghtml.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A29A4-CABC-421C-8811-536B494DDA77}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F566428E-ED78-4051-A041-14A9718A6671}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 nov. 2007 à 17:18

RE,

le rapport Hijackthis est nickel.

Tu ne pouvais pas realncer un outils que je ne t'avais pas fait télécharger et utiliser. Désolé. Je croyais avoir vérifié.

télécharge combofix (par sUBs)ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

2 double-clique sur combofix.exe et suis les instructions

3 à la fin, il va produire un rapport C:\ComboFix.txt

4 copie/colle ce rapport dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Réponse 26 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 18:53

OK voila le rapport de combofix

ComboFix 07-11-19.4C - serge 2007-11-29 18:10:38.1 - NTFSx86
Running from: C:\Documents and Settings\serge\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\smbols~1

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MCAC.tmp
2007-11-29 01:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-29 01:10 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-29 01:10 <REP> d-------- C:\Documents and Settings\serge\Application Data\SUPERAntiSpyware.com
2007-11-29 01:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-28 20:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-28 17:27 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-28 17:26 11,880 --ahs---- C:\WINDOWS\system32\ehkkj.ini
2007-11-28 16:15 <REP> d-------- C:\VundoFix Backups
2007-11-28 15:36 <REP> d-------- C:\Program Files\CCleaner
2007-11-28 12:29 13,921 ---hs---- C:\WINDOWS\system32\ehkkj.ini2
2007-11-28 12:09 44,779 ---hs---- C:\WINDOWS\system32\ehkkj.tmp
2007-11-28 00:22 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-27 17:47 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-27 15:02 <REP> d-------- C:\Program Files\McAfee
2007-11-27 15:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-27 15:01 <REP> d-------- C:\WINDOWS\system32\mclsphlr
2007-11-27 15:01 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-11-27 15:01 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2007-11-27 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-11-27 14:59 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-11-27 14:56 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-11-27 14:51 <REP> d-------- C:\Program Files\McAfee.com
2007-11-27 14:48 <REP> d-------- C:\Program Files\DAEMON Tools
2007-11-27 14:45 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 20:02 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-11-23 20:01 37,152 --a------ C:\WINDOWS\system32\Status.MPF
2007-11-23 19:56 <REP> d-------- C:\Documents and Settings\serge\Application Data\McAfee.com Personal Firewall
2007-11-23 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-22 15:29 <REP> d-------- C:\Program Files\neo geo
2007-11-22 03:50 <REP> d-------- C:\Program Files\NESTOPIA
2007-11-20 19:40 <REP> d-------- C:\Program Files\zsnes
2007-11-20 15:42 1,834 --a------ C:\WINDOWS\mozver.dat
2007-11-20 15:19 <REP> d-------- C:\Program Files\FUSION
2007-11-20 15:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-20 12:02 1,720,514 --a------ C:\Program Files\[N64] Project64.1.6 [Plugins inclus].exe
2007-11-20 10:39 6,843 ---hs---- C:\WINDOWS\system32\ehkkj.bak2
2007-11-19 16:12 6,470 ---hs---- C:\WINDOWS\system32\ehkkj.bak1
2007-11-17 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2007-11-17 20:17 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2007-11-17 20:17 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2007-11-17 20:17 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-11-17 20:17 97 --a------ C:\WINDOWS\system32\PICSDK.ini
2007-11-17 20:11 71,168 --a------ C:\WINDOWS\system32\E_FLBBEE.DLL
2007-11-17 20:11 62,976 --a------ C:\WINDOWS\system32\E_FD4BBEE.DLL
2007-11-17 20:11 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-17 20:10 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-17 20:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-17 20:07 <REP> d-------- C:\Program Files\epson
2007-11-17 20:07 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-11-17 20:07 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-11-17 20:07 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-11-15 18:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2007-11-15 18:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2007-11-15 18:17 <REP> d-------- C:\Program Files\Neuf
2007-11-15 18:12 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-11-14 02:22 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-14 02:22 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-14 02:22 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-14 02:13 <REP> d-------- C:\Downloads
2007-11-13 11:44 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-13 11:34 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-11-10 15:59 <REP> d-------- C:\WINDOWS\provisioning
2007-11-10 15:59 <REP> d-------- C:\WINDOWS\peernet
2007-11-10 15:49 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-11-10 15:27 <REP> d-------- C:\WINDOWS\EHome
2007-11-10 14:48 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2007-11-10 14:48 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-11-10 14:48 7,208 --------- C:\WINDOWS\system32\secupd.sig
2007-11-10 14:48 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-11-10 11:38 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-11-10 11:38 608,256 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2007-11-10 11:38 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-11-10 11:38 266,752 --a------ C:\WINDOWS\system32\h323.tsp
2007-11-10 11:38 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-11-10 10:30 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-11-10 10:30 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-11-10 10:30 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-11-10 10:30 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2007-11-10 10:30 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-11-10 10:29 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-11-10 10:29 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-11-10 10:29 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-11-10 10:29 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-11-10 10:29 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-11-10 10:29 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-11-10 10:29 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-11-10 10:29 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-11-10 09:37 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
2007-11-08 22:34 <REP> d-------- C:\Documents and Settings\serge\Application Data\vlc
2007-11-08 22:29 <REP> d-------- C:\Program Files\VideoLAN
2007-11-08 17:40 5,062,528 --a------ C:\Program Files\bitcomet_bitcomet_0.94_francais_12987.exe
2007-11-08 16:51 <REP> d-------- C:\Documents and Settings\serge\Application Data\BitTorrent
2007-11-08 16:50 5,832,685 --a------ C:\Program Files\BitTorrent-5.0.7.exe
2007-11-08 16:23 <REP> d-------- C:\Program Files\eChanblard
2007-11-08 16:23 6,016,846 --a------ C:\Program Files\eChanblard.exe
2007-11-08 15:56 <REP> d-------- C:\Documents and Settings\serge\Contacts
2007-11-08 15:54 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-08 15:51 17,929,072 --a------ C:\Program Files\Install_Messenger.exe
2007-11-08 15:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 11:02 1,720,514 ----a-w C:\Program Files\[N64] Project64.1.6 [Plugins inclus].exe
2007-11-17 19:15 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-15 17:52 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-07 16:55 --------- d-----w C:\Program Files\EBP
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 18:29]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-11-09 15:01]
"CleanUp"="C:\PROGRA~1\McAfee.com\Shared\mcappins.exe" [2006-01-23 17:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\Program Files\MSN Gaming Zone\propryhdev.html
FriendlyName=

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 18:15:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-29 18:19:14
.
--- E O F ---

Réponse 27 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 nov. 2007 à 19:35

Bonjour,

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\ehkkj.ini
C:\WINDOWS\system32\ehkkj.ini2
C:\WINDOWS\system32\ehkkj.tmp
C:\WINDOWS\system32\ehkkj.bak2
C:\WINDOWS\system32\ehkkj.bak1

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes avant de faire la suite.

Relance CCleaner.

Suppression des fichiers temporaires

Va dans la section "Options" situé dans la marge gauche. Décoche Avancé. Retourne ensuite dans la section "Nettoyeur"
Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
• Clique sur Analyse
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur Lancer le Nettoyage

Clique sur l'icône Erreurs situés dans la marge à gauche.
• Puis clique sur Analyser les erreurs
• Patiente pendant que CCleaner scan ton registre.
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur Corriger les erreurs.

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement

Poste le rapport de OTMoveIt

Réponse 28 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 20:52

ok sa y est voila le log OTMove it

C:\WINDOWS\system32\ehkkj.ini moved successfully.
C:\WINDOWS\system32\ehkkj.ini2 moved successfully.
C:\WINDOWS\system32\ehkkj.tmp moved successfully.
C:\WINDOWS\system32\ehkkj.bak2 moved successfully.
C:\WINDOWS\system32\ehkkj.bak1 moved successfully.

Created on 11/29/2007 20:04:17

Réponse 29 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 nov. 2007 à 21:05

Re,

redémarre en mode sans échec sur ta session normale.

• Ouvre le dossier SDFix qui a été créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum !

Réponse 30 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 22:22

voila le rapport de SDFix

SDFix: Version 1.115

Run by serge on 29/11/2007 at 21:19

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\serge\Bureau\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 21:46:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,98,60,0e,04,34,46,f7,f2,3a,e5,6c,39,57,19,a2,29,d5,e1,37,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,df,ee,f5,01,39,19,db,88,de,6b,85,c4,e5,b9,45,46,..
"khjeh"=hex:41,9c,32,e2,a4,61,9d,70,ec,26,9b,f6,56,6b,3d,57,ac,6d,06,c8,a7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:16,3c,c7,0b,77,49,2c,46,ef,c6,66,6e,7e,b8,94,be,a0,4b,19,a1,64,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,98,60,0e,04,34,46,f7,f2,3a,e5,6c,39,57,19,a2,29,d5,e1,37,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,df,ee,f5,01,39,19,db,88,de,6b,85,c4,e5,b9,45,46,..
"khjeh"=hex:41,9c,32,e2,a4,61,9d,70,ec,26,9b,f6,56,6b,3d,57,ac,6d,06,c8,a7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:16,3c,c7,0b,77,49,2c,46,ef,c6,66,6e,7e,b8,94,be,a0,4b,19,a1,64,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\lola.tartarin@hotmail.fr\DFSR\Staging\CS{DAB2A40F-96B6-1377-D943-13E6B75CF640}\01\10-{DAB2A40F-96B6-1377-D943-13E6B75CF640}-v1-{E35256F2-7620-4546-942B-5BF62DA9BDE2}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\22\7683-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7622-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7683-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\00\7661-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7600-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7661-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 496 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\01\11-{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}-v1-{E35256F2-7620-4546-942B-5BF62DA9BDE2}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\01\7662-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7601-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7662-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\02\7663-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7602-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7663-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\03\7664-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7603-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7664-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\04\7665-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7604-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7665-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\05\7666-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7605-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7666-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\06\7667-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7606-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7667-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\07\7668-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7607-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7668-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\08\7669-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7608-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7669-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\09\7670-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7609-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7670-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\10\7671-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7610-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7671-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\11\7672-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7611-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7672-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\12\7673-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7612-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7673-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\13\7674-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7613-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7674-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\14\22-{CBBD205D-C6A6-4620-9359-9C2E8C972F2B}-v14-{AA8448B4-2939-42D3-A813-871F89B6F538}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\14\7675-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7614-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7675-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\15\7676-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7615-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7676-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\16\7677-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7616-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7677-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\17\7678-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7617-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7678-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\18\7679-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7618-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7679-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\19\7680-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7619-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7680-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 624 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\20\7681-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7620-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7681-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\21\7682-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7621-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7682-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 472 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\23\7684-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7623-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7684-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\24\7685-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7624-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7685-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 512 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\25\7686-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7625-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7686-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\26\7687-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7626-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7687-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\27\7688-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7627-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7688-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\28\7689-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7628-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7689-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\29\7690-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7629-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7690-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\30\7691-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7630-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7691-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 592 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\31\7692-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7631-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7692-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\32\7693-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7632-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7693-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\33\7694-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7633-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7694-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\34\7695-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7634-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7695-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\35\7696-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7635-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7696-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 480 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\36\7697-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7636-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7697-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\37\7698-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7637-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7698-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\38\7699-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7638-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7699-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\39\7700-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7639-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7700-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\40\7701-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7640-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7701-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\41\7702-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7641-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7702-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\42\7703-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7642-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7703-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\43\7704-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7643-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7704-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\44\7705-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7644-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7705-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\45\7706-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7645-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7706-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\46\7707-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7646-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7707-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\78\7596-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7578-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7596-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\79\7590-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7579-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7590-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\80\7597-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7580-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7597-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\81\7595-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7581-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7595-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 512 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\82\7647-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7582-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7647-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\83\7648-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7583-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7648-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\84\7649-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7584-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7649-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\85\7650-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7585-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7650-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\86\7651-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7586-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7651-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\87\7652-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7587-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7652-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\88\7653-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7588-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7653-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\89\7654-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7589-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7654-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 496 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\91\7655-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7591-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7655-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 592 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\92\7656-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7592-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7656-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\93\7657-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7593-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7657-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\94\7658-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7594-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7658-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\98\7659-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7598-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7659-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 592 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\sistananou@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{7D8A0E48-40EA-4AD6-FC61-DA85B35AB67D}\99\7660-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7599-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7660-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\23\7489-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7423-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7489-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\00\7466-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7400-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7466-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 512 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\01\10-{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}-v1-{6FC8C8E1-6C9A-4545-A0BF-669E2C4D779F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\01\7467-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7401-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7467-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 448 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\02\7468-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7402-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7468-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\04\7470-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7404-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7470-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\05\7471-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7405-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7471-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\06\7472-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7406-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7472-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\07\7473-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7407-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7473-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\08\7474-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7408-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7474-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\09\7475-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7409-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7475-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 496 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\10\7476-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7410-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7476-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 592 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\11\7477-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7411-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7477-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\12\7478-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7412-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7478-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\13\7479-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7413-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7479-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\14\7480-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7414-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7480-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\15\7481-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7415-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7481-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 592 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\16\7482-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7416-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7482-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\17\7483-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7417-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7483-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 496 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\18\7484-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7418-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7484-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\19\7485-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7419-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7485-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\20\7486-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7420-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7486-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\21\7487-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7421-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7487-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\22\7488-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7422-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7488-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\24\7490-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7424-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7490-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\25\7491-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7425-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7491-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\26\7492-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7426-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7492-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\27\7493-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7427-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7493-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\28\7494-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7428-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7494-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\29\7495-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7429-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7495-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\30\7496-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7430-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7496-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\31\7497-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7431-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7497-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\32\7498-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7432-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7498-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\33\7499-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7433-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7499-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\34\7500-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7434-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7500-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\35\7501-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7435-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7501-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\36\7502-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7436-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7502-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 624 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\37\7503-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7437-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7503-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\38\7504-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7438-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7504-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 472 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\39\7505-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7439-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7505-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\40\7506-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7440-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7506-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\41\7507-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7441-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7507-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 512 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\42\7508-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7442-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7508-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\43\7509-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7443-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7509-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 568 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\44\7510-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7444-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7510-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\45\7511-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7445-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7511-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\46\7512-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7446-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7512-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\47\7513-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7447-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7513-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 592 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\48\7514-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7448-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7514-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\49\7515-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7449-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7515-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\50\7516-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7450-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7516-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\51\7517-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7451-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7517-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\52\7518-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7452-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7518-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 480 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\53\7519-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7453-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7519-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\54\7520-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7454-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7520-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 560 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\55\7521-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7455-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7521-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\56\7522-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7456-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7522-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\57\7523-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7457-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7523-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\58\7524-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7458-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7524-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\59\7525-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7459-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7525-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 552 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\60\7526-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7460-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7526-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 528 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\61\7527-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7461-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7527-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\62\7528-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7462-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7528-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 576 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\96\7469-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7396-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7469-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 600 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\97\7463-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7397-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7463-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 608 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\98\7464-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7398-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7464-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 520 bytes hidden from API
C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Messenger\soundcork@hotmail.fr\SharingMetadata\mykl86@hotmail.fr\DFSR\Staging\CS{B98CC8CA-605E-FEB5-FCBD-2F468BDA0B99}\99\7465-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7399-{AA8448B4-2939-42D3-A813-871F89B6F538}-v7465-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 616 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 136

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:

Tue 13 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BITA.tmp"
Wed 28 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\825602f548d54de494879712d10e8261\BIT3.tmp"
Wed 28 Nov 2007 44,779 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ehkkj.tmp"
Wed 28 Nov 2007 6,843 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ehkkj.bak2"
Mon 19 Nov 2007 6,470 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ehkkj.bak1"

Finished!

Réponse 31 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
29 nov. 2007 à 22:49

Re,

Supprime BTFix.zip et le dossier BTFix sur ton bureau

relance OTMoveit, clique sur le bouton cleanup.

Redémarre la machine.

Vide la corbeille.

Encore des soucis ?

Réponse 32 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
29 nov. 2007 à 23:51

merci non plus de souci pour l'instant tout est redevenu normale je crois par contre estce qu'il faut que je garde tout c'est programme ( cleaner , SDfix, VUndofix,SAS,combofix,virtumundobe) et sinon je voulais savoir si avast était sufisant comme antivirus car j'ai peur que ma version de mc affee ne soit plus a jour . merci bien

Réponse 33 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
30 nov. 2007 à 00:00

Re,

si tu as fait ce que j'ai dit au post 31n les programmes que tu cites devraient avoir disparu.

le meilleur antivirus gratuit actuellement est antivir (avec un anti rootkit intégré.

tuto et lien de téléchargement ici :

https://www.malekal.com/avira-free-security-antivirus-gratuit/

Remets un rapport Hijackthis quand tu as fait tout ça. (il faudra peut être que tu le retélécharges :
Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm )

Réponse 34 / 36

mejico Messages postés 20 Date d'inscription mardi 27 novembre 2007 Statut Membre Dernière intervention 30 novembre 2007
30 nov. 2007 à 18:14

bonsoir,
En faite j'ai gardé mc afee car il a reussi a se mettre a jour et supprimé et désinstallé tout les petit programme .
voila le rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 18:09:08, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
C:\PROGRA~1\mcafee.com\shared\mghtml.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{549A29A4-CABC-421C-8811-536B494DDA77}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F566428E-ED78-4051-A041-14A9718A6671}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Réponse 35 / 36

jalobservateur Messages postés 7372 Date d'inscription lundi 16 juillet 2007 Statut Contributeur sécurité Dernière intervention 10 mai 2012 930
30 nov. 2007 à 18:51

Salut vous 2!
Du beau boulôt!!!
Tu dois maintenant comprendre,mejico ,le pourquoi de mon premier message;-)
Lyonnais a comme toujours, 'allumé' !
Il te donnera ces dernières observations et recommandations.
Bonne soirée à vous .
Jla

Réponse 36 / 36

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
30 nov. 2007 à 19:29

Bonsoir,

on est arrivé.

Tu refais un scan avec superantispyware et un scan avec ton mac afee.

Tu mets les rapports s'il y a quelque chose.

Nettoyage des fichiers avec ccleaner.

Nettoyage du registre avec le même.

Ouvre ce lien :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

dans un premier temps désactive ta restauration puis tu la réactive.

Discussions similaires

TI college plus (calculatrice probleme)

comment taper log10 sur une TI83plus.fr ?

Caluculatrice Ti Collège

Analyse des logs hijackthis

logs freebox serveur