Probleme explorer.exe possible virus
did
-
did -
did -
Bonjour,
J' ai un probleme avec mon ordinateur qui n'arrete pas de bugger j'ai regulierement explorer.exe qui se ferme et se rouvre et mon pc est très lent .
Je pense avoir un virus car mon antivirus(avast) detecte des virus mais je n'ai pas l'impression qu'il les supprime.
J'ai fais un rapport avec hijackthis si dessous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:00, on 15/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\huwcyhdh.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Orange HSS\systray\systrayapp.exe
D:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {dcac21ac-0cf4-e87b-6254-af2f426f5aa0} - {0aa5f624-f2fa-4526-b78e-4fc0ca12cacd} - D:\WINDOWS\System32\kdycvhla.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B705617-6D2B-4B8B-B2DE-31676124AE00} - D:\WINDOWS\System32\gebcb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - D:\WINDOWS\System32\urqqpqq.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E9297CAB-6FCC-47AC-86B0-2AD1B42C8CD0} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O2 - BHO: (no name) - {F1AEEA77-18FA-4186-A468-233D0904EF4D} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Fichiers communs\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=https://avsystemcare.com/
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [1cd8af87] rundll32.exe "D:\WINDOWS\System32\krvvkpud.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: urqqpqq - D:\WINDOWS\SYSTEM32\urqqpqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - D:\WINDOWS\System32\huwcyhdh.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
J' ai un probleme avec mon ordinateur qui n'arrete pas de bugger j'ai regulierement explorer.exe qui se ferme et se rouvre et mon pc est très lent .
Je pense avoir un virus car mon antivirus(avast) detecte des virus mais je n'ai pas l'impression qu'il les supprime.
J'ai fais un rapport avec hijackthis si dessous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:00, on 15/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\huwcyhdh.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Orange HSS\systray\systrayapp.exe
D:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {dcac21ac-0cf4-e87b-6254-af2f426f5aa0} - {0aa5f624-f2fa-4526-b78e-4fc0ca12cacd} - D:\WINDOWS\System32\kdycvhla.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B705617-6D2B-4B8B-B2DE-31676124AE00} - D:\WINDOWS\System32\gebcb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - D:\WINDOWS\System32\urqqpqq.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E9297CAB-6FCC-47AC-86B0-2AD1B42C8CD0} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O2 - BHO: (no name) - {F1AEEA77-18FA-4186-A468-233D0904EF4D} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Fichiers communs\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=https://avsystemcare.com/
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [1cd8af87] rundll32.exe "D:\WINDOWS\System32\krvvkpud.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: urqqpqq - D:\WINDOWS\SYSTEM32\urqqpqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - D:\WINDOWS\System32\huwcyhdh.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
A voir également:
- Probleme explorer.exe possible virus
- Explorer.exe - Télécharger - Divers Utilitaires
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
4 réponses
bonsoir
effectivement tu es infecté, mais ton système d'exploitation n'est pas à jour Pourquoi ????
* Télécharge VundoFix.exe (par Atribune) sur ton Bureau
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
effectivement tu es infecté, mais ton système d'exploitation n'est pas à jour Pourquoi ????
* Télécharge VundoFix.exe (par Atribune) sur ton Bureau
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Bonsoir,
Merci pour ta reponse qui fut très rapide vraiment merci beaucoup
Voila je te poste le nouveau rapport hijack et le rapport vundofix ci dessous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:58, on 16/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\huwcyhdh.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Orange HSS\Systray\SystrayApp.exe
D:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\WINDOWS\system32\NOTEPAD.EXE
C:\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {dcac21ac-0cf4-e87b-6254-af2f426f5aa0} - {0aa5f624-f2fa-4526-b78e-4fc0ca12cacd} - D:\WINDOWS\System32\kdycvhla.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B705617-6D2B-4B8B-B2DE-31676124AE00} - D:\WINDOWS\System32\gebcb.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E9297CAB-6FCC-47AC-86B0-2AD1B42C8CD0} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O2 - BHO: (no name) - {F1AEEA77-18FA-4186-A468-233D0904EF4D} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Fichiers communs\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=https://avsystemcare.com/
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [1cd8af87] rundll32.exe "D:\WINDOWS\System32\krvvkpud.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - D:\WINDOWS\System32\huwcyhdh.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
Merci pour ta reponse qui fut très rapide vraiment merci beaucoup
Voila je te poste le nouveau rapport hijack et le rapport vundofix ci dessous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:58, on 16/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\huwcyhdh.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Orange HSS\Systray\SystrayApp.exe
D:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\WINDOWS\system32\NOTEPAD.EXE
C:\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {dcac21ac-0cf4-e87b-6254-af2f426f5aa0} - {0aa5f624-f2fa-4526-b78e-4fc0ca12cacd} - D:\WINDOWS\System32\kdycvhla.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B705617-6D2B-4B8B-B2DE-31676124AE00} - D:\WINDOWS\System32\gebcb.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E9297CAB-6FCC-47AC-86B0-2AD1B42C8CD0} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O2 - BHO: (no name) - {F1AEEA77-18FA-4186-A468-233D0904EF4D} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Fichiers communs\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=https://avsystemcare.com/
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [1cd8af87] rundll32.exe "D:\WINDOWS\System32\krvvkpud.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - D:\WINDOWS\System32\huwcyhdh.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
re
merci, on continue
AVSystemCare est un ROGUE à désinstaller (voir plus bas)
http://forum.malekal.com/ftopic3308.php
ensuite
* Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
* Redémarre ton ordinateur en mode sans échec
* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
et
* lance hijackthis "do a system scan only" puis coche ces lignes :
O2 - BHO: {dcac21ac-0cf4-e87b-6254-af2f426f5aa0} - {0aa5f624-f2fa-4526-b78e-4fc0ca12cacd} - D:\WINDOWS\System32\kdycvhla.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B705617-6D2B-4B8B-B2DE-31676124AE00} - D:\WINDOWS\System32\gebcb.dll (file missing)
O2 - BHO: (no name) - {E9297CAB-6FCC-47AC-86B0-2AD1B42C8CD0} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O2 - BHO: (no name) - {F1AEEA77-18FA-4186-A468-233D0904EF4D} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Fichiers communs\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=https://avsystemcare.com/
O4 - HKLM\..\Run: [1cd8af87] rundll32.exe "D:\WINDOWS\System32\krvvkpud.dll",b
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
* toutes applications fermées et HORS CONNEXION, clique sur FIX CHECKED
puis
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Yes.
reviens avec les différents rapports ainsi qu'un nouveau rapport hijackthis
également tu n'es pas à jour :
Acrobat Reader 8.1.1 :
https://supportdownloads.adobe.com/thankyou.jsp?ftpID=3806&fileID=3534
Décocher Téléchargez également :Adobe Photoshop® Album Édition
Dans Ajout/Suppression des programmes tu supprimes toutes les autres versions.
Tu peux aussi le remplacer par :
https://www.foxitsoftware.com/pdf-reader/
Dans Ajout/Suppression des programmes, supprime toutes les autres versions.
ET
-Java Runtime Environment (JRE)6u3 :
https://www.oracle.com/java/technologies/javase-downloads.html
Clique sur Download Java Runtime Environment (JRE) 6u3
Dans la page suivante coche Iaccept et télécharge Windows Offline Installation, Multi-language //jre-6u3-windows-i586-p.exe //13.89 MB
Tu l'installeras hors connexion.
Dans Ajout/Suppression des programmes tu supprimes toutes les autres versions.
demain je ne serais pas présente avant fin après midi, et/ou soirée
merci, on continue
AVSystemCare est un ROGUE à désinstaller (voir plus bas)
http://forum.malekal.com/ftopic3308.php
ensuite
* Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
* Redémarre ton ordinateur en mode sans échec
* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
et
* lance hijackthis "do a system scan only" puis coche ces lignes :
O2 - BHO: {dcac21ac-0cf4-e87b-6254-af2f426f5aa0} - {0aa5f624-f2fa-4526-b78e-4fc0ca12cacd} - D:\WINDOWS\System32\kdycvhla.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B705617-6D2B-4B8B-B2DE-31676124AE00} - D:\WINDOWS\System32\gebcb.dll (file missing)
O2 - BHO: (no name) - {E9297CAB-6FCC-47AC-86B0-2AD1B42C8CD0} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O2 - BHO: (no name) - {F1AEEA77-18FA-4186-A468-233D0904EF4D} - D:\Program Files\MSN Gaming Zone\hokelopD:\WINDOWS\System32\lab3\mmildot83122.exe.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Salestart] "D:\Program Files\Fichiers communs\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=https://avsystemcare.com/
O4 - HKLM\..\Run: [1cd8af87] rundll32.exe "D:\WINDOWS\System32\krvvkpud.dll",b
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
* toutes applications fermées et HORS CONNEXION, clique sur FIX CHECKED
puis
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
D:\WINDOWS\web\related.htm D:\Program Files\Fichiers communs\AVSystemCare
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Yes.
reviens avec les différents rapports ainsi qu'un nouveau rapport hijackthis
également tu n'es pas à jour :
Acrobat Reader 8.1.1 :
https://supportdownloads.adobe.com/thankyou.jsp?ftpID=3806&fileID=3534
Décocher Téléchargez également :Adobe Photoshop® Album Édition
Dans Ajout/Suppression des programmes tu supprimes toutes les autres versions.
Tu peux aussi le remplacer par :
https://www.foxitsoftware.com/pdf-reader/
Dans Ajout/Suppression des programmes, supprime toutes les autres versions.
ET
-Java Runtime Environment (JRE)6u3 :
https://www.oracle.com/java/technologies/javase-downloads.html
Clique sur Download Java Runtime Environment (JRE) 6u3
Dans la page suivante coche Iaccept et télécharge Windows Offline Installation, Multi-language //jre-6u3-windows-i586-p.exe //13.89 MB
Tu l'installeras hors connexion.
Dans Ajout/Suppression des programmes tu supprimes toutes les autres versions.
demain je ne serais pas présente avant fin après midi, et/ou soirée
Bonjour,
Je te remercie encore pour ton aide,
Et voila les rapport que tu ma demandé:
Rapport SDFix:
SDFix: Version 1.118
Run by Family on 16/12/2007 at 12:09
Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\Family\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
D:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe - Deleted
D:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe - Deleted
D:\DOCUME~1\Family\LOCALS~1\Temp\removalfile.bat - Deleted
D:\WINDOWS\system32\pac.txt - Deleted
Removing Temp Files...
ADS Check:
D:\WINDOWS
No streams found.
D:\WINDOWS\system32
No streams found.
D:\WINDOWS\system32\svchost.exe
No streams found.
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 12:17:25
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,14,22,c5,49,e1,2e,84,d7,04,bc,09,63,3c,2e,54,10,de,..
"hj34z0"=hex:54,bf,bc,85,bb,e0,1f,17,53,72,43,64,40,ea,34,dd,28,bc,20,bd,0f,..
scanning hidden registry entries ...
scanning hidden files ...
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\00\19-{36105BAE-9B20-463D-92E1-00DC56194877}-v100-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10776 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\00\19-{36105BAE-9B20-463D-92E1-00DC56194877}-v100-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\01\15-{9372C69B-06CD-7B2F-3071-21F77AC7E059}-v1-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\02\20-{36105BAE-9B20-463D-92E1-00DC56194877}-v102-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13998 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\02\20-{36105BAE-9B20-463D-92E1-00DC56194877}-v102-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1560 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\03\21-{36105BAE-9B20-463D-92E1-00DC56194877}-v103-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12054 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\03\21-{36105BAE-9B20-463D-92E1-00DC56194877}-v103-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1336 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\07\22-{36105BAE-9B20-463D-92E1-00DC56194877}-v107-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14250 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\07\22-{36105BAE-9B20-463D-92E1-00DC56194877}-v107-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\08\23-{36105BAE-9B20-463D-92E1-00DC56194877}-v108-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13134 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\08\23-{36105BAE-9B20-463D-92E1-00DC56194877}-v108-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1472 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\27-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14790 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\27-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1656 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\28-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14790 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\28-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1656 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\11\29-{36105BAE-9B20-463D-92E1-00DC56194877}-v111-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16248 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\11\29-{36105BAE-9B20-463D-92E1-00DC56194877}-v111-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1776 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\13\45-{36105BAE-9B20-463D-92E1-00DC56194877}-v113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14574 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\13\45-{36105BAE-9B20-463D-92E1-00DC56194877}-v113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1576 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\30-{36105BAE-9B20-463D-92E1-00DC56194877}-v115-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16230 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\30-{36105BAE-9B20-463D-92E1-00DC56194877}-v115-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1824 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\52-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v15-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15042 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\52-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v15-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1672 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\16\31-{36105BAE-9B20-463D-92E1-00DC56194877}-v116-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15150 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\16\31-{36105BAE-9B20-463D-92E1-00DC56194877}-v116-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1672 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\18\33-{36105BAE-9B20-463D-92E1-00DC56194877}-v118-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13548 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\18\33-{36105BAE-9B20-463D-92E1-00DC56194877}-v118-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\19\35-{36105BAE-9B20-463D-92E1-00DC56194877}-v119-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13458 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\19\35-{36105BAE-9B20-463D-92E1-00DC56194877}-v119-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1488 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\20\56-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v20-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14178 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\20\56-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v20-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1544 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\22\37-{36105BAE-9B20-463D-92E1-00DC56194877}-v122-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13926 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\22\37-{36105BAE-9B20-463D-92E1-00DC56194877}-v122-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1520 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\23\38-{36105BAE-9B20-463D-92E1-00DC56194877}-v123-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13890 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\23\38-{36105BAE-9B20-463D-92E1-00DC56194877}-v123-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\25\39-{36105BAE-9B20-463D-92E1-00DC56194877}-v125-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15744 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\25\39-{36105BAE-9B20-463D-92E1-00DC56194877}-v125-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1768 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\26\57-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v26-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 25302 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\26\57-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v26-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2816 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\28\40-{36105BAE-9B20-463D-92E1-00DC56194877}-v128-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13422 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\28\40-{36105BAE-9B20-463D-92E1-00DC56194877}-v128-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1472 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\41-{36105BAE-9B20-463D-92E1-00DC56194877}-v129-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16536 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\41-{36105BAE-9B20-463D-92E1-00DC56194877}-v129-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1808 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\55-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v29-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 21558 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\55-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v29-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2344 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\32\42-{36105BAE-9B20-463D-92E1-00DC56194877}-v132-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9912 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\32\42-{36105BAE-9B20-463D-92E1-00DC56194877}-v132-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1144 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\34\43-{36105BAE-9B20-463D-92E1-00DC56194877}-v134-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 23610 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\34\43-{36105BAE-9B20-463D-92E1-00DC56194877}-v134-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2640 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\38\44-{36105BAE-9B20-463D-92E1-00DC56194877}-v138-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 23628 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\38\44-{36105BAE-9B20-463D-92E1-00DC56194877}-v138-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2608 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\40\46-{36105BAE-9B20-463D-92E1-00DC56194877}-v140-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17418 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\40\46-{36105BAE-9B20-463D-92E1-00DC56194877}-v140-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1936 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\41\47-{36105BAE-9B20-463D-92E1-00DC56194877}-v141-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13098 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\41\47-{36105BAE-9B20-463D-92E1-00DC56194877}-v141-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1480 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\43\48-{36105BAE-9B20-463D-92E1-00DC56194877}-v143-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18534 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\43\48-{36105BAE-9B20-463D-92E1-00DC56194877}-v143-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2088 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\46\50-{36105BAE-9B20-463D-92E1-00DC56194877}-v146-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14304 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\46\50-{36105BAE-9B20-463D-92E1-00DC56194877}-v146-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1568 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\48\49-{36105BAE-9B20-463D-92E1-00DC56194877}-v148-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16518 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\48\49-{36105BAE-9B20-463D-92E1-00DC56194877}-v148-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1792 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\52\58-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v52-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18858 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\52\58-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v52-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2128 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\61\59-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v61-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18282 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\61\59-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v61-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2000 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\88\16-{36105BAE-9B20-463D-92E1-00DC56194877}-v88-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15258 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\88\16-{36105BAE-9B20-463D-92E1-00DC56194877}-v88-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1736 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\92\51-{36105BAE-9B20-463D-92E1-00DC56194877}-v92-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 19038 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\92\51-{36105BAE-9B20-463D-92E1-00DC56194877}-v92-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2152 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\94\54-{36105BAE-9B20-463D-92E1-00DC56194877}-v94-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 19056 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\94\54-{36105BAE-9B20-463D-92E1-00DC56194877}-v94-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1380 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\94\54-{36105BAE-9B20-463D-92E1-00DC56194877}-v94-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2112 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\96\36-{36105BAE-9B20-463D-92E1-00DC56194877}-v96-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18822 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\96\36-{36105BAE-9B20-463D-92E1-00DC56194877}-v96-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2112 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\97\17-{36105BAE-9B20-463D-92E1-00DC56194877}-v97-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14700 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\97\17-{36105BAE-9B20-463D-92E1-00DC56194877}-v97-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1656 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\99\18-{36105BAE-9B20-463D-92E1-00DC56194877}-v99-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17400 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\99\18-{36105BAE-9B20-463D-92E1-00DC56194877}-v99-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1960 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\dfrederic031@hotmail.com\DFSR\Staging\CS{4AAF7067-DA56-3BCF-CE71-95C016BC988A}\01\10-{4AAF7067-DA56-3BCF-CE71-95C016BC988A}-v1-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\dfrederic031@hotmail.com\DFSR\Staging\CS{4AAF7067-DA56-3BCF-CE71-95C016BC988A}\13\14-{854329B8-81F3-4C81-BB10-16A7BC406B3F}-v1113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2298 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\dfrederic031@hotmail.com\DFSR\Staging\CS{4AAF7067-DA56-3BCF-CE71-95C016BC988A}\13\14-{854329B8-81F3-4C81-BB10-16A7BC406B3F}-v1113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 81
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\WINDOWS\\System32\\huwcyhdh.exe"="D:\\WINDOWS\\System32\\huw"
"D:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"="D:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
Remaining Files:
---------------
File Backups: - D:\DOCUME~1\Family\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 19 Aug 2007 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 18 Aug 2007 400 ..SH. --- "D:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sat 18 Aug 2007 48 ..SH. --- "D:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Finished!
Rapport OTMoveIt:
D:\WINDOWS\web\related.htm moved successfully.
File/Folder D:\Program Files\Fichiers communs\AVSystemCare not found.
Created on 12/16/2007 12:37:07
Rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:15, on 16/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\huwcyhdh.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Orange HSS\Systray\SystrayApp.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: https://www.orange.fr/portail
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - D:\WINDOWS\System32\huwcyhdh.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
Je te remercie encore pour ton aide,
Et voila les rapport que tu ma demandé:
Rapport SDFix:
SDFix: Version 1.118
Run by Family on 16/12/2007 at 12:09
Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\Family\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
D:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe - Deleted
D:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe - Deleted
D:\DOCUME~1\Family\LOCALS~1\Temp\removalfile.bat - Deleted
D:\WINDOWS\system32\pac.txt - Deleted
Removing Temp Files...
ADS Check:
D:\WINDOWS
No streams found.
D:\WINDOWS\system32
No streams found.
D:\WINDOWS\system32\svchost.exe
No streams found.
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 12:17:25
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,14,22,c5,49,e1,2e,84,d7,04,bc,09,63,3c,2e,54,10,de,..
"hj34z0"=hex:54,bf,bc,85,bb,e0,1f,17,53,72,43,64,40,ea,34,dd,28,bc,20,bd,0f,..
scanning hidden registry entries ...
scanning hidden files ...
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\00\19-{36105BAE-9B20-463D-92E1-00DC56194877}-v100-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10776 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\00\19-{36105BAE-9B20-463D-92E1-00DC56194877}-v100-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\01\15-{9372C69B-06CD-7B2F-3071-21F77AC7E059}-v1-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\02\20-{36105BAE-9B20-463D-92E1-00DC56194877}-v102-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13998 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\02\20-{36105BAE-9B20-463D-92E1-00DC56194877}-v102-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1560 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\03\21-{36105BAE-9B20-463D-92E1-00DC56194877}-v103-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 12054 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\03\21-{36105BAE-9B20-463D-92E1-00DC56194877}-v103-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1336 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\07\22-{36105BAE-9B20-463D-92E1-00DC56194877}-v107-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14250 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\07\22-{36105BAE-9B20-463D-92E1-00DC56194877}-v107-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\08\23-{36105BAE-9B20-463D-92E1-00DC56194877}-v108-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13134 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\08\23-{36105BAE-9B20-463D-92E1-00DC56194877}-v108-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1472 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\27-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14790 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\27-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1656 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\28-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14790 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\09\28-{36105BAE-9B20-463D-92E1-00DC56194877}-v109-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1656 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\11\29-{36105BAE-9B20-463D-92E1-00DC56194877}-v111-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16248 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\11\29-{36105BAE-9B20-463D-92E1-00DC56194877}-v111-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1776 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\13\45-{36105BAE-9B20-463D-92E1-00DC56194877}-v113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14574 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\13\45-{36105BAE-9B20-463D-92E1-00DC56194877}-v113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1576 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\30-{36105BAE-9B20-463D-92E1-00DC56194877}-v115-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16230 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\30-{36105BAE-9B20-463D-92E1-00DC56194877}-v115-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1824 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\52-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v15-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15042 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\15\52-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v15-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1672 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\16\31-{36105BAE-9B20-463D-92E1-00DC56194877}-v116-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15150 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\16\31-{36105BAE-9B20-463D-92E1-00DC56194877}-v116-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1672 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\18\33-{36105BAE-9B20-463D-92E1-00DC56194877}-v118-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13548 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\18\33-{36105BAE-9B20-463D-92E1-00DC56194877}-v118-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\19\35-{36105BAE-9B20-463D-92E1-00DC56194877}-v119-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13458 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\19\35-{36105BAE-9B20-463D-92E1-00DC56194877}-v119-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1488 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\20\56-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v20-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14178 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\20\56-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v20-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1544 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\22\37-{36105BAE-9B20-463D-92E1-00DC56194877}-v122-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13926 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\22\37-{36105BAE-9B20-463D-92E1-00DC56194877}-v122-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1520 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\23\38-{36105BAE-9B20-463D-92E1-00DC56194877}-v123-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13890 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\23\38-{36105BAE-9B20-463D-92E1-00DC56194877}-v123-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1552 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\25\39-{36105BAE-9B20-463D-92E1-00DC56194877}-v125-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15744 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\25\39-{36105BAE-9B20-463D-92E1-00DC56194877}-v125-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1768 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\26\57-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v26-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 25302 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\26\57-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v26-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2816 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\28\40-{36105BAE-9B20-463D-92E1-00DC56194877}-v128-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13422 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\28\40-{36105BAE-9B20-463D-92E1-00DC56194877}-v128-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1472 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\41-{36105BAE-9B20-463D-92E1-00DC56194877}-v129-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16536 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\41-{36105BAE-9B20-463D-92E1-00DC56194877}-v129-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1808 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\55-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v29-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 21558 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\29\55-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v29-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2344 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\32\42-{36105BAE-9B20-463D-92E1-00DC56194877}-v132-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9912 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\32\42-{36105BAE-9B20-463D-92E1-00DC56194877}-v132-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1144 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\34\43-{36105BAE-9B20-463D-92E1-00DC56194877}-v134-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 23610 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\34\43-{36105BAE-9B20-463D-92E1-00DC56194877}-v134-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2640 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\38\44-{36105BAE-9B20-463D-92E1-00DC56194877}-v138-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 23628 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\38\44-{36105BAE-9B20-463D-92E1-00DC56194877}-v138-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2608 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\40\46-{36105BAE-9B20-463D-92E1-00DC56194877}-v140-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17418 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\40\46-{36105BAE-9B20-463D-92E1-00DC56194877}-v140-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1936 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\41\47-{36105BAE-9B20-463D-92E1-00DC56194877}-v141-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 13098 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\41\47-{36105BAE-9B20-463D-92E1-00DC56194877}-v141-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1480 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\43\48-{36105BAE-9B20-463D-92E1-00DC56194877}-v143-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18534 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\43\48-{36105BAE-9B20-463D-92E1-00DC56194877}-v143-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2088 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\46\50-{36105BAE-9B20-463D-92E1-00DC56194877}-v146-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14304 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\46\50-{36105BAE-9B20-463D-92E1-00DC56194877}-v146-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1568 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\48\49-{36105BAE-9B20-463D-92E1-00DC56194877}-v148-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16518 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\48\49-{36105BAE-9B20-463D-92E1-00DC56194877}-v148-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1792 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\52\58-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v52-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18858 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\52\58-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v52-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2128 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\61\59-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v61-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18282 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\61\59-{9B6F98B2-C9BF-4554-89B0-95A31DCFDC24}-v61-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2000 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\88\16-{36105BAE-9B20-463D-92E1-00DC56194877}-v88-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 15258 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\88\16-{36105BAE-9B20-463D-92E1-00DC56194877}-v88-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1736 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\92\51-{36105BAE-9B20-463D-92E1-00DC56194877}-v92-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 19038 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\92\51-{36105BAE-9B20-463D-92E1-00DC56194877}-v92-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2152 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\94\54-{36105BAE-9B20-463D-92E1-00DC56194877}-v94-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 19056 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\94\54-{36105BAE-9B20-463D-92E1-00DC56194877}-v94-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1380 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\94\54-{36105BAE-9B20-463D-92E1-00DC56194877}-v94-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2112 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\96\36-{36105BAE-9B20-463D-92E1-00DC56194877}-v96-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18822 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\96\36-{36105BAE-9B20-463D-92E1-00DC56194877}-v96-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2112 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\97\17-{36105BAE-9B20-463D-92E1-00DC56194877}-v97-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 14700 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\97\17-{36105BAE-9B20-463D-92E1-00DC56194877}-v97-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1656 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\99\18-{36105BAE-9B20-463D-92E1-00DC56194877}-v99-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17400 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\claireem.dupuy@hotmail.fr\DFSR\Staging\CS{9372C69B-06CD-7B2F-3071-21F77AC7E059}\99\18-{36105BAE-9B20-463D-92E1-00DC56194877}-v99-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1960 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\dfrederic031@hotmail.com\DFSR\Staging\CS{4AAF7067-DA56-3BCF-CE71-95C016BC988A}\01\10-{4AAF7067-DA56-3BCF-CE71-95C016BC988A}-v1-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\dfrederic031@hotmail.com\DFSR\Staging\CS{4AAF7067-DA56-3BCF-CE71-95C016BC988A}\13\14-{854329B8-81F3-4C81-BB10-16A7BC406B3F}-v1113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2298 bytes hidden from API
D:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Messenger\didinedounette1@hotmail.com\SharingMetadata\dfrederic031@hotmail.com\DFSR\Staging\CS{4AAF7067-DA56-3BCF-CE71-95C016BC988A}\13\14-{854329B8-81F3-4C81-BB10-16A7BC406B3F}-v1113-{A37925E5-D324-4D0B-94BF-51D8B36A60F8}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 464 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 81
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\WINDOWS\\System32\\huwcyhdh.exe"="D:\\WINDOWS\\System32\\huw"
"D:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"="D:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
Remaining Files:
---------------
File Backups: - D:\DOCUME~1\Family\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 19 Aug 2007 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 18 Aug 2007 400 ..SH. --- "D:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sat 18 Aug 2007 48 ..SH. --- "D:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Finished!
Rapport OTMoveIt:
D:\WINDOWS\web\related.htm moved successfully.
File/Folder D:\Program Files\Fichiers communs\AVSystemCare not found.
Created on 12/16/2007 12:37:07
Rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:15, on 16/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTsvcCDA.EXE
D:\WINDOWS\System32\huwcyhdh.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Orange HSS\Systray\SystrayApp.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Orange HSS\Launcher\Launcher.exe
D:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
D:\Program Files\Orange HSS\Deskboard\deskboard.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
D:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "D:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] D:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: https://www.orange.fr/portail
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - D:\WINDOWS\System32\huwcyhdh.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
