Besoin d'aide pour lire un resultat de scan

Résolu/Fermé

andrée - 2 déc. 2007 à 19:16
rudyrital Messages postés 6230 Date d'inscription lundi 14 novembre 2005 Statut Membre Dernière intervention 10 octobre 2009 - 13 déc. 2007 à 20:46

Bonjour,
J'ai depuis quelques temps de nombreuses pop up du genre spyware secure, casino en ligne....En plus, j'ai l'impression que mon ordi rame beaucoup. J'ai déjà installé un anti pop-up ad block, ainsi que plusieurs anti spyware, celui d'AVG, ashampoo, spybot...et rien ne marche !!
J'ai lu sur l'un de vos forum que je pouvais envoyer le rapport du scan de navilog1...est-ce vraiment possible ??
merci d'avance.

A voir également:

Besoin d'aide pour lire un resultat de scan
Lire le coran en français pdf - Télécharger - Histoire & Religion
Lire epub - Guide
Lire fichier bin - Guide
Scan now - Guide
Comment lire un message supprimé sur whatsapp - Guide

27 réponses

Réponse 21 / 27

andree
5 déc. 2007 à 11:38

voilà le rapport de SDFix :

SDFix: Version 1.116

Run by jo on 05/12/2007 at 11:18

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\jo\Bureau\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 11:22:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94019955]
"001a8a228e60"=hex:ec,29,f7,f5,5d,52,43,dc,6d,d3,e9,78,0a,6e,5e,5c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a94019955]
"001a8a228e60"=hex:ec,29,f7,f5,5d,52,43,dc,6d,d3,e9,78,0a,6e,5e,5c

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Windows Update.log 240 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1435283 bytes
C:\WINDOWS\winhelp.exe 256768 bytes
C:\WINDOWS\winhlp32.exe 288256 bytes executable
C:\WINDOWS\winnt.bmp 49102 bytes
C:\WINDOWS\winnt256.bmp 49102 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
C:\WINDOWS\WinSxS\InstallTemp
C:\WINDOWS\WinSxS\Manifests
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat 9679 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.Manifest 500 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da.cat 9675 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da.Manifest 3489 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39.cat 7238 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39.Manifest 443 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat 7431 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest 397 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 7429 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1877 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 7429 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1177 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d.cat 7429 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d.Manifest 460 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 7431 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb.cat 8335 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb.manifest 1869 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat 8335 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest 1869 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat 7433 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest 1862 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat 7433 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest 500 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 7236 bytes
C:\WINDOWS\WinSxS\Policies
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 7431 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 623 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 7429 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 7429 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.163.cat 8355 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.163.policy 786 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.cat 8355 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.policy 800 bytes
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll 82432 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll 1230336 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39\mfc42fra.dll 57344 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll 479232 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll 548864 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll 626688 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll 479232 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll 548864 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll 626688 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll 322560 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 852992 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 994816 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll 137728 bytes executable
C:\WINDOWS\wmprfFRA.prx 39340 bytes
C:\WINDOWS\wmsetup.log 57305 bytes
C:\WINDOWS\wmsetup10.log 238 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WRUninstall.dll 468480 bytes executable
C:\WINDOWS\yesmessenger.ini 60 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\52\4070-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4052-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4070-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 736 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\00\4120-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4100-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1344 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\01\10-{41EB2B0A-4AD8-F683-3314-6283BC61AD67}-v1-{A0C19BCA-578A-4B14-B4E1-8E5E76053F36}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\01\4121-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4101-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4121-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1128 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\02\4122-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4102-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4122-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 656 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\03\4123-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4103-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4123-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 912 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\19\4023-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4019-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4023-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 6352 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\21\4027-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4021-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4027-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5656 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\28\4031-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4028-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4031-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2904 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\29\4032-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4029-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4032-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 696 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\33\4039-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4033-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4039-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1072 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\34\4074-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4034-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4074-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1384 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\35\4075-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4035-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4075-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1136 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\36\4076-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4036-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4076-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1472 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\37\4077-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4037-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4077-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1448 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\38\4078-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4038-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4078-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 880 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\41\4059-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4041-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4059-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1032 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\42\4060-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4042-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4060-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\43\4061-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4043-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4061-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1424 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\44\4062-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4044-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4062-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1248 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\45\4063-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4045-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4063-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\46\4064-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4046-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4064-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 584 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\47\4065-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4047-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4065-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1208 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\48\4066-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4048-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4066-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1424 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\49\4067-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4049-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4067-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1360 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\50\4068-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4050-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4068-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1448 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\51\4069-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4051-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4069-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1472 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\53\4071-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4053-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4071-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 512 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\54\4079-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4054-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4079-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 536 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\55\4080-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4055-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4080-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\56\4081-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4056-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4081-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1464 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\57\4082-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4057-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4082-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2136 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\58\4083-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4058-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4083-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1696 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\84\4115-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4084-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4115-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1328 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\85\4104-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4085-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4104-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\86\4105-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4086-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4105-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\87\4106-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4087-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4106-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1208 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\88\4107-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4088-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4107-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1256 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\89\4108-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4089-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4108-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 752 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\90\4109-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4090-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4109-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 904 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\91\4110-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4091-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4110-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 920 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\92\4111-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4092-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4111-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1072 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\93\4112-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4093-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4112-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1072 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\94\4113-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4094-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4113-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\95\4114-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4095-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4114-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\96\4116-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4096-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4116-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\97\4117-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4097-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4117-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\98\4118-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4098-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 992 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\afabrice2@hotmail.com\DFSR\Staging\CS{41EB2B0A-4AD8-F683-3314-6283BC61AD67}\99\4119-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4099-{EE06F4A3-F4D2-4D6D-AC50-F094B9B63947}-v4119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\andree.schmitz@wanadoo.fr\SharingMetadata\vizion.nocturne@hotmail.fr\DFSR\Staging\CS{535FDABB-5EE0-D283-7C25-B5DEE5DD233F}\01\23-{535FDABB-5EE0-D283-7C25-B5DEE5DD233F}-v1-{A0C19BCA-578A-4B14-B4E1-8E5E76053F36}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\01\10-{96F9B54C-B812-2ACC-3517-D5C50E29657F}-v1-{03F51A94-9ABE-492D-80FE-671A2C5CACE5}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\61\285-{D5A012E3-8B82-423E-849C-88104EE54D49}-v261-{D5A012E3-8B82-423E-849C-88104EE54D49}-v285-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2784 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\62\286-{D5A012E3-8B82-423E-849C-88104EE54D49}-v262-{D5A012E3-8B82-423E-849C-88104EE54D49}-v286-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3360 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\63\287-{D5A012E3-8B82-423E-849C-88104EE54D49}-v263-{D5A012E3-8B82-423E-849C-88104EE54D49}-v287-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1608 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\64\288-{D5A012E3-8B82-423E-849C-88104EE54D49}-v264-{D5A012E3-8B82-423E-849C-88104EE54D49}-v288-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1616 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\65\289-{D5A012E3-8B82-423E-849C-88104EE54D49}-v265-{D5A012E3-8B82-423E-849C-88104EE54D49}-v289-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3000 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\66\290-{D5A012E3-8B82-423E-849C-88104EE54D49}-v266-{D5A012E3-8B82-423E-849C-88104EE54D49}-v290-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3104 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\67\291-{D5A012E3-8B82-423E-849C-88104EE54D49}-v267-{D5A012E3-8B82-423E-849C-88104EE54D49}-v291-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2840 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\68\292-{D5A012E3-8B82-423E-849C-88104EE54D49}-v268-{D5A012E3-8B82-423E-849C-88104EE54D49}-v292-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2952 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\69\293-{D5A012E3-8B82-423E-849C-88104EE54D49}-v269-{D5A012E3-8B82-423E-849C-88104EE54D49}-v293-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2848 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\70\294-{D5A012E3-8B82-423E-849C-88104EE54D49}-v270-{D5A012E3-8B82-423E-849C-88104EE54D49}-v294-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1464 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\71\295-{D5A012E3-8B82-423E-849C-88104EE54D49}-v271-{D5A012E3-8B82-423E-849C-88104EE54D49}-v295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3056 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\72\296-{D5A012E3-8B82-423E-849C-88104EE54D49}-v272-{D5A012E3-8B82-423E-849C-88104EE54D49}-v296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1624 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\73\297-{D5A012E3-8B82-423E-849C-88104EE54D49}-v273-{D5A012E3-8B82-423E-849C-88104EE54D49}-v297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2712 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\74\298-{D5A012E3-8B82-423E-849C-88104EE54D49}-v274-{D5A012E3-8B82-423E-849C-88104EE54D49}-v298-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2776 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\75\299-{D5A012E3-8B82-423E-849C-88104EE54D49}-v275-{D5A012E3-8B82-423E-849C-88104EE54D49}-v299-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3080 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\76\300-{D5A012E3-8B82-423E-849C-88104EE54D49}-v276-{D5A012E3-8B82-423E-849C-88104EE54D49}-v300-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3344 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\77\301-{D5A012E3-8B82-423E-849C-88104EE54D49}-v277-{D5A012E3-8B82-423E-849C-88104EE54D49}-v301-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3376 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\78\302-{D5A012E3-8B82-423E-849C-88104EE54D49}-v278-{D5A012E3-8B82-423E-849C-88104EE54D49}-v302-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3344 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\79\303-{D5A012E3-8B82-423E-849C-88104EE54D49}-v279-{D5A012E3-8B82-423E-849C-88104EE54D49}-v303-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2992 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\80\304-{D5A012E3-8B82-423E-849C-88104EE54D49}-v280-{D5A012E3-8B82-423E-849C-88104EE54D49}-v304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3048 bytes hidden from API
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\jedy441@hotmail.com\SharingMetadata\nanoune15@hotmail.com\DFSR\Staging\CS{96F9B54C-B812-2ACC-3517-D5C50E29657F}\81\284-{D5A012E3-8B82-423E-849C-88104EE54D49}-v281-{D5A012E3-8B82-423E-849C-88104EE54D49}-v284-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3024 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 188

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Files with Hidden Attributes:

Thu 19 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Sun 26 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

Réponse 22 / 27

andree
5 déc. 2007 à 11:40

et voilà le log de hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:25, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2fe8a39f7fa0450bbbe7baa5adc20d13
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2fe8a39f7fa0450bbbe7baa5adc20d13
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0167481-42D2-4EC2-91C1-D51E809266FE}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

Réponse 23 / 27

rudyrital Messages postés 6230 Date d'inscription lundi 14 novembre 2005 Statut Membre Dernière intervention 10 octobre 2009 131
5 déc. 2007 à 21:07

Télécharge combofix :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-clic sur combofix il vas te demander une question répond oui touche y puis attends que combofix soit fini il vas générer un rapport

Poste le sur le forum dans ta réponse

Télécharge AVG anti-rootkit.
http://beta.grisoft.cz/beta/betarep.files/antirootkit/AVG_AntiRootkit_1.0.0.13.exe

* Double clique sur le fichier télécharger.
accepte la licence.
puis sur next puis install
redemarre ton ordinateur.

* Lance le programme
clique sur /search for rootkit
s'il trouve qu'elle que chose sélectionne, se qu'il a trouver.
puis clique sur remove selected items

Tentative de suppression du rootkit détecté
-- Sélection du « rootkit » » détecté puis utilisation de [remove selected items]
-- Affichage d'un message d'alerte « Warning ! » ... l'action est dangereuse => [O.K]
Affichage d'un deuxième message qui demande un reboot pour terminer l'opération de nettoyage.

pour voir si l'opération a marcher.
avg anti-rootkit
clique sur /search for rootkit
s'il trouve qu'elle que chose clique sur save result to file.
et post le rapport si il y en a un.

Réponse 24 / 27

andree
6 déc. 2007 à 10:22

voilà combo fix
ComboFix 07-12-02.6 - jo 2007-12-06 10:08:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.260 [GMT 1:00]
Running from: C:\Documents and Settings\jo\Bureau\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))))))
.

2007-12-05 11:18 . 2007-12-05 11:18 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-03 19:13 . 2007-12-03 20:16 2,952 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-03 19:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-03 19:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-03 19:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-03 19:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-03 19:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-02 18:57 . 2007-12-02 23:20 <REP> d-------- C:\Program Files\Navilog1

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-02 18:29 --------- d-----w C:\Program Files\Trend Micro
2007-11-06 18:31 --------- d-----w C:\Documents and Settings\jo\Application Data\dvdcss
2007-10-27 10:22 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-10-27 10:21 --------- d-----w C:\Program Files\Apple Software Update
2007-10-27 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-22 10:21 --------- d-----w C:\Documents and Settings\jo\Application Data\Grisoft
2007-10-22 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-21 09:34 --------- d-----w C:\Documents and Settings\jo\Application Data\dBpoweramp
2007-10-21 09:31 --------- d-----w C:\Program Files\QuickTime
2007-10-20 16:32 --------- d-----w C:\Documents and Settings\jo\Application Data\foobar2000
2007-10-14 12:52 --------- d-----w C:\Program Files\Vodei
2007-10-11 13:19 --------- d-----w C:\Program Files\Exact Audio Copy
2007-10-07 17:10 --------- d-----w C:\Program Files\Illustrate
2007-10-07 15:29 --------- d-----w C:\Program Files\Monkey's Audio
2007-10-07 15:12 --------- d-----w C:\Program Files\CUE Splitter
2007-10-07 13:21 --------- d-----w C:\Documents and Settings\jo\Application Data\AccurateRip
2007-10-06 16:49 --------- d-----w C:\Program Files\foobar2000
2007-10-06 16:41 --------- d-----w C:\Program Files\Winamp
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 13:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 20:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-20 05:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-09-14 17:45]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5296c6d0-0bc8-11dc-82e5-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d65e50b7-c7d3-11db-82ab-000c6ef36992}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EF88945-584E-B942-0704-020000000007}]
C:\WINDOWS\svchost.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-04 16:13:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-06 08:16:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 10:11:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\Windows Update.log 240 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1440994 bytes
C:\WINDOWS\winhelp.exe 256768 bytes
C:\WINDOWS\winhlp32.exe 288256 bytes executable
C:\WINDOWS\winnt.bmp 49102 bytes
C:\WINDOWS\winnt256.bmp 49102 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmprfFRA.prx 39340 bytes
C:\WINDOWS\wmsetup.log 57305 bytes
C:\WINDOWS\wmsetup10.log 238 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WRUninstall.dll 468480 bytes executable
C:\WINDOWS\yesmessenger.ini 60 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes

scan completed successfully
hidden files: 17

**************************************************************************
.
Completion time: 2007-12-06 10:12:18
.
--- E O F ---

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 27

andree
6 déc. 2007 à 10:41

et bin, AVG n'a rien trouvé !! Je crois que c'est bon...je n'ai plus de pop up. Est-ce que tu pourrais me dire ce que j'avais ?? Et aussi me conseiller un logiciel de protection ?? Encore merci...c'est une Bonne action que tu as fait là...j'aurais aimé faire quelque chose pour te remercier, mais quoi ?...

Réponse 26 / 27

rudyrital Messages postés 6230 Date d'inscription lundi 14 novembre 2005 Statut Membre Dernière intervention 10 octobre 2009 131
6 déc. 2007 à 23:10

fait un scan ici
https://www.bitdefender.fr/

* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur j‘accepte
* Accepte le contrôle Active X et Installe le. Le scanner se charge
* La fenêtre change encore, clique sur ’cliquez ici pour scanner’
* Les signatures se chargent, etc.

tuto en image :
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

copie colle le résultat ici

Réponse 27 / 27

bouboulina
7 déc. 2007 à 12:11

et bin, il faut internet explorer pour faire le scan, et je l'ai pas...il me propose de le telecharger, mais ça marche pas.. est ce que c'est vraiment necessaire ??

rudyrital Messages postés 6230 Date d'inscription lundi 14 novembre 2005 Statut Membre Dernière intervention 10 octobre 2009 131
13 déc. 2007 à 20:46

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :

http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
@+

Discussions similaires

télécharger router scan v2.6

comment lire des bd gratuitement en ligne sur internet ?

scan comics

Problème lecture Scan manga

Récupérer un résultat selon la date d'aujourd'hui