Help: script against ssvichosst.exe doesn't work!

Solved
fares -
FillPCA, 2264 posts, status: Security contributor -
Hello,

I'm posting again because I think the first one went unnoticed :( I'm struggling with the ssvichosst.exe virus; I've read all the discussions about it and tried the proposed solutions, but it didn't work, so here's where I am:

I found out that the virus came from a USB stick, and I formatted the stick. On my PC the virus blocks access to registry editing and to the Task Manager. I manage to get those functions back thanks to Spybot Search & Destroy, which repairs three problems:
Microsoft.Windows.Explorer
Microsoft.WindowsSecurityCenter.RegistryTools
Microsoft.WindowsSecurityCenter.TaskManager

But it's impossible to remove the virus completely; it comes back on every reboot. On the other hand it doesn't spread like it does for other people, probably thanks to Kerio firewall. I also tried the script given in another discussion, but when I double-click on it there's an error.
So there it is, I need help please! Thaaaanks

The HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:59:36, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\SSVICHOSST.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\fares\Bureau\Nouveau dossier\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

11 replies

FillPCA, 2264 posts, status: Security contributor
 
Hi,

# Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this out.
# Restart your computer in Safe Mode by following this procedure:

* Restart your computer.
* After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (or F5).
* Instead of Windows loading normally, a menu with different options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.

# Go through the list of instructions below:

* In Safe Mode, double-click on the SDFix.exe file and click on install,
* Open the SDFix folder that has just been created in the C:\ directory and double-click on RunThis.cmd to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, also perform a few Registry repairs, and will ask you to press a key to reboot.
* Press a key to reboot the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished
* Press a key to end the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

FillPCA
fares
 
OK, I'll do that right away, thanks :)
fares
 
Here it is:

SDFix: Version 1.116

Run by fares on sam. 01/12/2007 at 19:54

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\install.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 19:59:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:5e22c972
"s1"=dword:ad4215e9
"s2"=dword:ef6b2a98
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c0,3c,cd,f9,3e,52,14,41,04,4c,3b,09,63,ba,1f,8d,c5,dd,06,34,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,73,d4,46,eb,88,83,de,0a,7f,e2,8b,f3,c5,e4,29,ff,35,..
"khjeh"=hex:e7,6a,ce,52,9a,62,6d,65,38,a7,75,9c,dd,42,a9,cf,f9,68,08,88,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9a,a2,1b,1f,7f,25,c6,61,2c,b7,d5,33,7f,ca,9f,85,3b,d9,42,6d,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c0,3c,cd,f9,3e,52,14,41,04,4c,3b,09,63,ba,1f,8d,c5,dd,06,34,ed,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,73,d4,46,eb,88,83,de,0a,7f,e2,8b,f3,c5,e4,29,ff,35,..
"khjeh"=hex:e7,6a,ce,52,9a,62,6d,65,38,a7,75,9c,dd,42,a9,cf,f9,68,08,88,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9a,a2,1b,1f,7f,25,c6,61,2c,b7,d5,33,7f,ca,9f,85,3b,d9,42,6d,8d,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 20:05:14, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\fares\Bureau\Nouveau dossier\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
0
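The HijackThis log above is the kind of text a helper reads by eye; the checks a reviewer applies to it (Run keys pointing at a known bad file name, Run targets given without a path, entries in user-writable folders, orphaned BHO/O9 registrations, services with no vendor string) are simple enough to automate. The script below is an added example written for this page, not HijackThis code and not something posted in the thread. Its sample input copies O2/O4/O9/O23 lines from the log above and adds one constructed O4 line (key name `[constructed]`) pointing at the file name this thread is about, so the high-severity branch is exercised; the `WATCHLIST` and `USER_WRITABLE` values are assumptions you would replace with your own indicators.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O2/O4/O9/O23 lines copied from the HijackThis log in this
# thread, plus ONE constructed O4 line (key name "[constructed]") that points at
# the file name the thread is about, so the high-severity path is exercised.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [constructed] C:\WINDOWS\system32\ssvichosst.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# File names the thread identifies as the infection (assumption: extend with your own IoCs).
WATCHLIST = {"ssvichosst.exe"}

# Locations an unprivileged user can write to on XP (assumption); a Run entry
# pointing there deserves a look even when the name seems harmless.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list:
    """Scan HijackThis lines and return (severity, reason, line) findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            base = PureWindowsPath(exe).name.lower()
            if base in WATCHLIST:
                findings.append(("high", "Run entry launches a file named in this thread as the worm", line))
            elif "\\" not in exe:
                findings.append(("low", "Run target has no path; it is resolved through PATH at logon", line))
            elif any(p in exe.lower() for p in USER_WRITABLE):
                findings.append(("medium", "Run target lives in a user-writable location", line))
            continue
        if line.startswith("O2 ") and line.endswith("(no file)"):
            findings.append(("info", "orphaned BHO registration; removable", line))
        elif line.startswith("O9 ") and line.endswith("(file missing)"):
            findings.append(("info", "orphaned IE button/menu entry; removable", line))
        elif line.startswith("O23 ") and " - Unknown owner - " in line:
            findings.append(("info", "service without a vendor string; verify the binary", line))
    return findings


def highest_severity(findings: list) -> str:
    """Collapse findings to one level for a quick 'does this log need work' answer."""
    order = ["high", "medium", "low", "info"]
    present = {sev for sev, _, _ in findings}
    return next((lvl for lvl in order if lvl in present), "none")


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sev, reason, line in result:
        print(f"[{sev:6}] {reason}\n         {line}")
    print("overall:", highest_severity(result))
```

Run against the real log above (with the constructed line removed) the only output is the three `info` items and the two path-less Realtek entries, which is consistent with the next post: no Run entry references the worm any more. A `low` finding on `RTHDCPL.EXE` and `ALCMTR.EXE` is the usual vendor habit of relying on the PATH lookup, not an infection, but it is exactly the spot where a malicious file dropped into `system32` under a legitimate name would hide, so it is worth confirming which file actually gets executed.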
fares
 
Woohoo, thanks a lot, it doesn't show up anywhere any more!!! I got everything back :D
0

FillPCA Posts 2264 Status Security contributor 123
 
Re,

1/ Download CCleaner Basic https://www.ccleaner.com/ccleaner/download

Open CCleaner and click "Run Cleaner".

2/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (on the toolbar).
Then, on the "How to act" tab, click "Recommended actions". Select "Quarantine".
Go back to the Scan tab. Click "Complete System Scan".
At the end of the scan, choose the "Apply all actions" option at the bottom. Then
click "Save report". This generates a text-file report, which is located in the Reports folder of the AVG Anti-Spyware folder.

3/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX it offers. The antivirus update then starts.
* Run a full system scan.
* Save the report in text mode once the scan is finished.

4/ Post the AVG Anti-Spyware report and the Kaspersky report.

FillPCA
0
fares
 
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:07:58 1/12/2007

+ Résultat de l'analyse:

C:\SDFix\backups\backups.zip/backups/autorun.ini -> Trojan.AutoRun.a : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport

I did the scan on Kaspersky, I only copied it... :( do I have to redo it?
0
FillPCA Posts 2264 Status Security contributor 123
 
Re,

You just need to paste the report here in text format.

FillPCA
0
fares
 
Re, here it is, it took a bit long, sorry.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 01, 2007 10:23:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469906
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 42678
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:31:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\fares\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Messenger\faroo@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Messenger\faroo@hotmail.fr\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Messenger\faroo@hotmail.fr\SharingMetadata\Working\database_8420_5F34_205F_2C84\dfsr.db Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Messenger\faroo@hotmail.fr\SharingMetadata\Working\database_8420_5F34_205F_2C84\fsr.log Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Messenger\faroo@hotmail.fr\SharingMetadata\Working\database_8420_5F34_205F_2C84\fsrtmp.log Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Messenger\faroo@hotmail.fr\SharingMetadata\Working\database_8420_5F34_205F_2C84\tmp.edb Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Windows Live Contacts\faroo@hotmail.fr\real\members.stg Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Application Data\Microsoft\Windows Live Contacts\faroo@hotmail.fr\shadow\members.stg Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Temp\~DF4A75.tmp Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Temp\~DF4A7A.tmp Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Temp\~DF5076.tmp Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Temp\~DF5083.tmp Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\fares\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\fares\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\fares\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log Object is locked skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd6077.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
0
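A Kaspersky Online Scanner report like the one above is read in two steps: the statistics block says whether anything was detected, and the long list of "Object is locked skipped" lines says what the scanner could not inspect. Those skipped entries here are the files Windows keeps open while it runs (registry hives, event logs, index.dat caches, System Volume Information, loaded drivers, live log files), which is normal and not a sign that something blocked the scan. The parser below is an added example written for this page, not Kaspersky's code and not something posted in the thread: it extracts the statistics, classifies each locked object against a small set of assumed-normal patterns, lists anything that falls outside them, and turns the result into a verdict. The sample report is a constructed excerpt of the report above; the `SAMPLE_DETECTION` line is constructed (it uses the EICAR test-file name) purely to show how a positive changes the verdict.

```python
import re
from collections import Counter

# Constructed sample: the header, the statistics block and a handful of the
# "Object is locked" lines from the Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 01, 2007 10:23:25 PM
-------------------------------------------------------------------------------

Scan Statistics:
Total number of scanned objects: 42678
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:31:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\fares\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\fares\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
"""

# Constructed detection line (EICAR test-file name, NOT a finding from the
# thread) used to show how a positive result changes the verdict.
SAMPLE_DETECTION = r"C:\Documents and Settings\fares\Bureau\constructed.exe Infected: EICAR-Test-File skipped"

STAT_RE = re.compile(r"^(?P<key>Number of (?:viruses found|infected objects|suspicious objects)"
                     r"|Total number of scanned objects): (?P<val>\d+)$")
OBJ_RE = re.compile(r"^(?P<path>[A-Z]:\\.*?)\s+(?P<status>Object is locked|Infected: .+?|Suspicious: .+?)"
                    r"\s+(?P<action>skipped|deleted|disinfected|quarantined)$")

# Files Windows keeps open while running (assumed-normal patterns): a
# locked-and-skipped result for these does not mean the scanner was blocked.
EXPECTED_LOCKED = [
    ("registry hive", re.compile(r"\\(ntuser\.dat|usrclass\.dat|config\\(?:sam|security|software|system|default))(?:\.log)?$", re.I)),
    ("event log", re.compile(r"\.evt$", re.I)),
    ("IE index/cookies", re.compile(r"\\index\.dat$", re.I)),
    ("system volume information", re.compile(r"\\system volume information\\", re.I)),
    ("in-use kernel driver", re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)),
    ("live log file", re.compile(r"\\windows\\[^\\]+\.log$", re.I)),
]


def classify_locked(path: str) -> str:
    """Label a locked path with the first matching expected category, else 'unexpected'."""
    for label, pattern in EXPECTED_LOCKED:
        if pattern.search(path):
            return label
    return "unexpected"


def parse_report(text: str) -> dict:
    """Pull statistics, locked-object categories and detections out of a report."""
    stats, locked, unexpected, detections = {}, Counter(), [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m.group("key")] = int(m.group("val"))
            continue
        m = OBJ_RE.match(line)
        if not m:
            continue
        path, status, action = m.group("path"), m.group("status"), m.group("action")
        if status == "Object is locked":
            label = classify_locked(path)
            locked[label] += 1
            if label == "unexpected":
                unexpected.append(path)
        else:
            # "Infected: Name" / "Suspicious: Name" -> keep just the detection name
            detections.append((path, status.split(": ", 1)[1], action))
    return {"stats": stats, "locked_by_category": locked,
            "unexpected_locked": unexpected, "detections": detections}


def verdict(report: dict) -> str:
    """Trust the detection lines first, then the counters, then scan coverage."""
    if report["detections"] or report["stats"].get("Number of infected objects", 0) > 0:
        return "infected"
    n = len(report["unexpected_locked"])
    if n:
        return f"clean, but {n} skipped object(s) fall outside the usual locked system files"
    return "clean, skipped objects are all normally-locked system files"


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(dict(r["locked_by_category"]), r["unexpected_locked"])
    print(verdict(r))
    print(verdict(parse_report(SAMPLE_REPORT + SAMPLE_DETECTION + "\n")))
```

The point of the "unexpected" bucket is coverage rather than detection: a scanner that reports zero infections has only proved something about the files it could open, so a locked object in a user profile folder or an odd location is where you look next (with an offline scan or a second tool), while the locked hives and event logs above can be ignored.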
FillPCA Posts 2264 Status Security contributor 123
 
Re,

That all looks fine. Are you still having problems?

If not, you can mark your topic as "resolved".

Have a look at this topic, because I've just noticed you don't have an antivirus, which is very careless: https://forum.pcastuces.com/default.asp

FillPCA
0
fares
 
No more problems at all, apparently :D thanks a lot!!

By the way, um... how do you change the status? (this is the first time I've posted a problem)
0
FillPCA Posts 2264 Status Security contributor 123
 
Re,

I think you have to click on your first message.

Don't forget the antivirus. It's important. The free Antivir performs well.

FillPCA
0