
HijackThis report (SOLVED, thanks Xmichoux)

19 November 2007 17:09:30

Hello everyone,

After 2 years of use, my PC is lagging all over the place. So I have just run a HijackThis scan, but I don't know how to read the report!

I tried using the automatic analysis, but once I know roughly what is wrong, it doesn't tell me how to get rid of it!!!

Besides, I can no longer access my Task Manager!!!! So it's a bit of a pain!!

Thanks in advance for your help.

Regards,

Doudoubis

So here is my report:

Logfile of HijackThis v1.99.1
Scan saved at 16:42:00, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmger.com
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\taskmger.com
E:\RECYCLER\systems.com
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Systry] C:\WINDOWS\system32\notepad.exe
O4 - HKLM\..\Run: [userd] C:\WINDOWS\RECYCLER\systems.com
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe




THANKS AGAIN
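
A minimal triage pass over a HijackThis log like the one posted above, as an added example (not part of the original thread and not HijackThis's own logic). The sample lines are taken from that log; the function names and the heuristics (executables under a RECYCLER folder, `.com` executables, extra programs in the F2 `Shell=` value, `Disable*` policies in O7) are assumptions chosen for illustration, and a match is a lead to check, not a verdict.

```python
import re

# Sample input: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmger.com
E:\RECYCLER\systems.com
C:\WINDOWS\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [userd] C:\WINDOWS\RECYCLER\systems.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Shortest prefix ending in an executable extension, so arguments and
# URLs that follow the program path are not mistaken for the program.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def parse(log):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if in_procs and line and not match:
            processes.append(line)
            continue
        in_procs = False  # a blank line or the first entry ends the section
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def executable_of(command):
    """Return the program part of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def path_reasons(path):
    """Heuristic reasons (assumptions of this example) to look closer at a path."""
    lowered = path.lower()
    reasons = []
    if "\\recycler\\" in lowered:
        reasons.append("runs from a RECYCLER folder")
    if lowered.endswith(".com"):
        reasons.append("DOS-style .com executable")
    return reasons


def triage(log):
    """Return (source, text, reason) tuples for entries worth a manual check."""
    processes, entries = parse(log)
    findings = []
    for path in processes:
        findings += [("process", path, r) for r in path_reasons(path)]
    for code, body in entries:
        if code == "F2" and "shell=" in body.lower():
            # The default shell is Explorer.exe alone; anything else also runs at logon.
            value = body.split("=", 1)[1]
            extras = [t for t in value.split() if t.lower() != "explorer.exe"]
            if extras:
                findings.append((code, body,
                                 "Winlogon Shell starts more than Explorer.exe: "
                                 + " ".join(extras)))
        elif code == "O4":
            command = body.split("]", 1)[-1]
            exe = executable_of(command)
            findings += [(code, body, r) for r in path_reasons(exe)]
        elif code == "O7":
            policy = re.search(r"(Disable\w+)\s*=\s*1\b", body)
            if policy:
                findings.append((code, body, "policy " + policy.group(1) + " is set"))
    return findings


if __name__ == "__main__":
    for source, text, reason in triage(SAMPLE_LOG):
        print(f"[{source}] {reason}\n    {text}")
```
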


19 November 2007 19:46:26

Hi,

Download SDFix (by Andy Manchesta).

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Reboot into safe mode.
/!\ Never boot into safe mode via MSCONFIG /!\

Launch SDFix.
Double-click RunThis.bat.
Press Y to start it.

You will be asked to press a key to reboot; do so.
The reboot will probably take a little longer than usual.
Once your desktop appears, it will display Finished.

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder >Report.txt<

21 November 2007 11:25:06

Hello Michou,

So here is my report:
SDFix: Version 1.115

Run by ARNAUD David on 21/11/2007 at 10:58

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\ARNAUD~1\Bureau\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 11:06:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sophmarrakech@hotmail.com\DFSR\Staging\CS{C25A97B6-CD7C-013F-F387-4574F7262571}\01\24-{C25A97B6-CD7C-013F-F387-4574F7262571}-v1-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sophmarrakech@hotmail.com\DFSR\Staging\CS{C25A97B6-CD7C-013F-F387-4574F7262571}\25\25-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v25-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 53598 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sophmarrakech@hotmail.com\DFSR\Staging\CS{C25A97B6-CD7C-013F-F387-4574F7262571}\25\25-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v25-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3972 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sophmarrakech@hotmail.com\DFSR\Staging\CS{C25A97B6-CD7C-013F-F387-4574F7262571}\25\25-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v25-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5968 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sounebis@hotmail.fr\DFSR\Staging\CS{4A59449E-BB6B-5D97-27A9-7E473FD5132A}\01\26-{4A59449E-BB6B-5D97-27A9-7E473FD5132A}-v1-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sounebis@hotmail.fr\DFSR\Staging\CS{4A59449E-BB6B-5D97-27A9-7E473FD5132A}\27\27-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v27-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16248 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sounebis@hotmail.fr\DFSR\Staging\CS{4A59449E-BB6B-5D97-27A9-7E473FD5132A}\27\27-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v27-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1236 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\sounebis@hotmail.fr\DFSR\Staging\CS{4A59449E-BB6B-5D97-27A9-7E473FD5132A}\27\27-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v27-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2992 bytes hidden from API
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Messenger\doudoubis@hotmail.com\SharingMetadata\vicoly@hotmail.com\DFSR\Staging\CS{0A89E5DC-7646-50E5-23AA-7958302C22E5}\01\16-{0A89E5DC-7646-50E5-23AA-7958302C22E5}-v1-{5F4F7EF1-4685-49E3-8831-3081371E3522}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 67


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\setup\\HPZNET01.EXE"="D:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\\setup\\HPONICIFS01.EXE"="D:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:pmc.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Enabled:PMC.Service.Main.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 11 Apr 2007 34,304 A.SHR --- "C:\RECYCLER\systems.com"
Wed 4 Apr 2007 282,624 A.SHR --- "C:\Program Files\Internet Explorer\iexp1ore.exe"
Mon 20 Mar 2006 56 ..SHR --- "C:\WINDOWS\system32\F797688606.sys"
Wed 11 Apr 2007 34,304 A.SHR --- "C:\WINDOWS\system32\taskmger.com"
Sun 1 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 18 Oct 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Tue 7 Mar 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Mon 2 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2b3ec987c557c0db8aeefc1b4c479971\BIT3.tmp"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT1.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\770ab2029a713ab32135544cfa9c6da0\BIT4.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dfe3590997ca6f73b22b53af19e63c6b\BIT5.tmp"
Mon 27 Feb 2006 1,220,608 ...H. --- "C:\Documents and Settings\ARNAUD David\Application Data\Microsoft\Word\~WRL4066.tmp"
Fri 2 Nov 2007 45,056 A..H. --- "C:\Documents and Settings\ARNAUD David\Bureau\clef sophie\Nouveau dossier\Affichage\terres d'amanar\Tente\~WRL0001.tmp"
Sun 23 Jul 2006 696,320 A.SH. --- "C:\Documents and Settings\ARNAUD David\Bureau\david photo\Boulot\Marrakech-trophy\Marrakech-trophy 2006\101MSDCF\SIV2.tmp"

Finished!



Awaiting your instructions!

Thank you for your help!

By the way, I want to change antivirus because Norton is outdated and I have the impression that it is far from being the most effective! What do you recommend?

Regards

David

21 November 2007 14:41:42

Just so I'm not forgotten, because without you this seems complicated to me!


Thanks again
21 November 2007 16:00:04

Post a HijackThis log again
21 November 2007 17:16:53

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 17:16:31, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmger.com
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Systry] C:\WINDOWS\system32\notepad.exe
O4 - HKLM\..\Run: [userd] C:\WINDOWS\RECYCLER\systems.com
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

21 November 2007 17:49:53

Empty your recycle bin.

Uninstall Norton and Live Update via Add/Remove Programs.
Then >> http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

Download CCleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking "Ajouter la Barre d'Outils Yahoo! CCleaner" (Add the CCleaner Yahoo! Toolbar).
Then run the cleanup, then have it search for errors, and make backups if you wish.

Download and install Antivir. (tutorial)
Why change? Avast vs Antivir
Make sure it is fully up to date! Run a full scan and post the report.
22 November 2007 18:19:48

Here it is




AntiVir PersonalEdition Classic
Report file date: jeudi 22 novembre 2007 14:56

Scanning for 939950 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: CERVEAU

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 13:55:28
ANTIVIR3.VDF : 7.0.0.248 200192 Bytes 22/11/2007 13:55:28
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 22/11/2007 13:55:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 22 novembre 2007 14:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'HPBPRO.EXE' - '1' Module(s) have been scanned
Scan process 'HPBOID.EXE' - '1' Module(s) have been scanned
Scan process 'HPNRA.EXE' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'rzamqpg.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Error Report\svdll.dll
[DETECTION] Is the Trojan horse TR/Agent.Adv.2
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Program Files\MS Error\erep.dll
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa9aca.qua'!
C:\RECYCLER\systems.com
[DETECTION] Is the Trojan horse TR/Drop.SD.B3B0954A
[INFO] The file was moved to '47b89bcc.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094596.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16004
[WARNING] The source file could not be found.
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094608.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e29.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094609.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e2c.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094610.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e2d.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094611.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '46086446.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094612.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e2e.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094613.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '46086447.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094794.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864e3.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094795.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e8b.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094796.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864e4.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094797.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e8d.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094798.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864e6.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094799.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e8e.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094800.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864e7.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094801.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e8f.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094802.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f8.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094803.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e90.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094804.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f9.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094805.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e91.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094806.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864fa.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094807.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e92.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094808.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864fb.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094809.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e93.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094810.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864fc.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094811.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e94.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094812.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e95.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094813.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864fe.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094814.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e96.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094815.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864ff.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094816.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e97.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094817.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f0.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094818.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e98.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094819.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f1.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094820.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e99.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094821.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f2.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094822.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '47759e9a.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094823.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f3.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094824.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e9b.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094825.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f4.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094826.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e9c.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094827.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f5.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094828.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e9d.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094829.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f6.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094830.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e9e.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094831.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864f7.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094832.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759e9f.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094833.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c8.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094834.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea0.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094835.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c9.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094836.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea1.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094837.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864ca.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094838.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea2.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094839.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea3.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094840.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864cc.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094841.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea4.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094842.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864cd.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094843.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea5.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094844.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864ce.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094845.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea6.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094846.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864cf.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094847.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea7.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094848.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c0.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094849.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea8.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094850.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c1.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094851.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759ea9.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094852.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eaa.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094853.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c3.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094854.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eab.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094855.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c4.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094856.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eac.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094857.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460864c5.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094858.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '47759ead.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094859.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '47759eae.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094860.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '460864c7.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094861.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eaf.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094862.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '47759eb0.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094863.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '460864d9.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094864.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eb3.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094865.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460866b4.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094866.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eb4.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094867.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eb5.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094868.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460866b6.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094869.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eb6.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094870.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '460866b7.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094871.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eb7.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094872.exe
[DETECTION] Contains detection pattern of the worm WORM/Rays
[INFO] The file was moved to '47759eb9.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094873.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '460866ba.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094874.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '47759ebb.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP58\A0094875.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Tenga.A
[INFO] The file was moved to '47759
22 November 2007 18:21:04

What should I do now!

Thanks for your reply


David
22 November 2007 19:04:26

Hi again,

Delete C:\Program Files\Common Files\Error Report and C:\Program Files\MS Error\
Post a new HijackThis log.

Download to your desktop: Clean (by Malekal)
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when asked and post the report here.
The report is located here: C:\rapport_clean.txt
Tutorial

If you get a file C:\upload_moi.zip, please do this.
23 November 2007 11:42:40

The HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:26, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

23 November 2007 11:58:38

The Clean report:




23/11/2007 a 11:44:34,51

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\mailskinner\" FOUND
"C:\Program Files\Multi_Media\" FOUND
23 November 2007 12:22:57

Here is the new Clean report after disinfection (I think it looks pretty good!)
23/11/2007 a 12:11:56,06

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !



23 November 2007 13:06:47

I ran a new HijackThis report:

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

And now what do I do?

lol



23 November 2007 19:20:21

Re,

Let's check a few leads.

Download Navilog (by Il-Mafioso)

Save it to your Desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)

Follow the utility's prompts. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt

+++++++++++

Download Lop S&D (by Eric71 & Angeldark)
Unzip it to the Desktop
Run the file Scan.bat
Run option R.
Post the report generated at the end of the scan.
The report can also be found here: C:\Lopr.txt

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, type explorer and confirm.)
26 November 2007 10:15:33

Here is the Navilog report

Search Navipromo version 3.3.6 commencé le 25/11/2007 à 14:03:19,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner trouvé !


*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\ARNAUD David\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\rzamqpg.dat
C:\WINDOWS\system32\rzamqpg.exe
C:\WINDOWS\system32\rzamqpg_nav.dat
C:\WINDOWS\system32\rzamqpg_navps.dat

Processus caché(s) :

C:\WINDOWS\system32\rzamqpg.exe


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\ARNAUD~1\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\rzamqpg.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 25/11/2007 à 14:04:18,95 ***
26 November 2007 10:16:50

and the one from Lop S&D:


catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 14:06:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden files ...

scan completed successfully
hidden files: 0

26 November 2007 10:19:29

Sorry, a small mistake on my part!

So here is the correct S&D report:



------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\ARNAUD David\Bureau\Lop S&D"

Rapport créé Le 25/11/2007 à 14:06:39,56 PC : CERVEAU

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrateur\Application Data\Microsoft
C:\Documents and settings\Administrateur\Application Data\Symantec
C:\Documents and settings\Administrateur\Application Data\Sonic
C:\Documents and settings\Administrateur\Application Data\toshiba
C:\Documents and settings\Administrateur\Application Data\Adobe
C:\Documents and settings\Administrateur\Application Data\desktop.ini
C:\Documents and settings\Administrateur\Application Data\Identities

C:\Documents and settings\All Users\Application Data\Teleca
C:\Documents and settings\All Users\Application Data\Sony Ericsson
C:\Documents and settings\All Users\Application Data\addr_file.html
C:\Documents and settings\All Users\Application Data\Avira
C:\Documents and settings\All Users\Application Data\WLInstaller
C:\Documents and settings\All Users\Application Data\WindowsLiveInstaller
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Pinnacle
C:\Documents and settings\All Users\Application Data\Hewlett-Packard
C:\Documents and settings\All Users\Application Data\HP
C:\Documents and settings\All Users\Application Data\Trymedia
C:\Documents and settings\All Users\Application Data\Adobe Systems
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Ableton
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Ahead
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\SBSI

C:\Documents and settings\ARNAUD David\Application Data\SolidDocuments
C:\Documents and settings\ARNAUD David\Application Data\Teleca
C:\Documents and settings\ARNAUD David\Application Data\Sony Ericsson
C:\Documents and settings\ARNAUD David\Application Data\MSNInstaller
C:\Documents and settings\ARNAUD David\Application Data\Microsoft
C:\Documents and settings\ARNAUD David\Application Data\Real
C:\Documents and settings\ARNAUD David\Application Data\Google
C:\Documents and settings\ARNAUD David\Application Data\SecondLife
C:\Documents and settings\ARNAUD David\Application Data\Image Zone Express
C:\Documents and settings\ARNAUD David\Application Data\HPSU_48BitScanUpdate.log
C:\Documents and settings\ARNAUD David\Application Data\U3
C:\Documents and settings\ARNAUD David\Application Data\AdobeUM
C:\Documents and settings\ARNAUD David\Application Data\vlc
C:\Documents and settings\ARNAUD David\Application Data\InstallShield Installation Information
C:\Documents and settings\ARNAUD David\Application Data\HP
C:\Documents and settings\ARNAUD David\Application Data\Adobe
C:\Documents and settings\ARNAUD David\Application Data\MySpace
C:\Documents and settings\ARNAUD David\Application Data\funkitron
C:\Documents and settings\ARNAUD David\Application Data\Ahead
C:\Documents and settings\ARNAUD David\Application Data\Microsoft Excel.EML
C:\Documents and settings\ARNAUD David\Application Data\Opera
C:\Documents and settings\ARNAUD David\Application Data\Ableton
C:\Documents and settings\ARNAUD David\Application Data\FileMaker
C:\Documents and settings\ARNAUD David\Application Data\Template
C:\Documents and settings\ARNAUD David\Application Data\wklnhst.dat
C:\Documents and settings\ARNAUD David\Application Data\Sun
C:\Documents and settings\ARNAUD David\Application Data\Help
C:\Documents and settings\ARNAUD David\Application Data\Mozilla
C:\Documents and settings\ARNAUD David\Application Data\Talkback
C:\Documents and settings\ARNAUD David\Application Data\Symantec
C:\Documents and settings\ARNAUD David\Application Data\Macromedia
C:\Documents and settings\ARNAUD David\Application Data\InterVideo
C:\Documents and settings\ARNAUD David\Application Data\Sonic
C:\Documents and settings\ARNAUD David\Application Data\toshiba
C:\Documents and settings\ARNAUD David\Application Data\desktop.ini
C:\Documents and settings\ARNAUD David\Application Data\Identities

C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\Symantec
C:\Documents and settings\Default User\Application Data\Sonic
C:\Documents and settings\Default User\Application Data\toshiba
C:\Documents and settings\Default User\Application Data\Adobe
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Identities

C:\Documents and settings\Invité\Application Data\SolidDocuments
C:\Documents and settings\Invité\Application Data\Microsoft
C:\Documents and settings\Invité\Application Data\Symantec
C:\Documents and settings\Invité\Application Data\Sonic
C:\Documents and settings\Invité\Application Data\toshiba
C:\Documents and settings\Invité\Application Data\Adobe
C:\Documents and settings\Invité\Application Data\desktop.ini
C:\Documents and settings\Invité\Application Data\Identities

C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\LocalService\Application Data\Symantec
C:\Documents and settings\LocalService\Application Data\Adobe

C:\Documents and settings\NetworkService\Application Data\Symantec
C:\Documents and settings\NetworkService\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\Nouvelle Tâche.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\Ableton
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Apoint2K
C:\Program Files\Avira
C:\Program Files\CCleaner
C:\Program Files\DIFX
C:\Program Files\DivXCodec
C:\Program Files\DVD-RAM
C:\Program Files\eibDesktop
C:\Program Files\Elaborate Bytes
C:\Program Files\eMule
C:\Program Files\Fichiers communs
C:\Program Files\GordianKnot
C:\Program Files\Hewlett-Packard
C:\Program Files\HP
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\InterVideo
C:\Program Files\Inventel
C:\Program Files\Java
C:\Program Files\K-Lite Codec Pack
C:\Program Files\Lavalys
C:\Program Files\Logitech
C:\Program Files\ltmoh
C:\Program Files\Macrogaming
C:\Program Files\MatroskaProp
C:\Program Files\Messenger
C:\Program Files\Microsoft CAPICOM 2.1.0.2
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\mozilla.org
C:\Program Files\MRT Codecs Pack
C:\Program Files\MS Error
C:\Program Files\MSECache
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\Navilog1
C:\Program Files\NetMeeting
C:\Program Files\Offre Wanadoo
C:\Program Files\On2 Technologies
C:\Program Files\Online Services
C:\Program Files\Outlook Express
C:\Program Files\Overland
C:\Program Files\PDFCreator
C:\Program Files\Plus!
C:\Program Files\PokerStars.NET
C:\Program Files\PPLive
C:\Program Files\Real
C:\Program Files\Realtek AC97
C:\Program Files\SAGEM Wi-Fi USB 802.11g
C:\Program Files\Securitoo
C:\Program Files\Services en ligne
C:\Program Files\Sierra On-Line
C:\Program Files\SolidDocuments
C:\Program Files\Sony Ericsson
C:\Program Files\Toshiba
C:\Program Files\Video mp3 Extractor
C:\Program Files\VideoLAN
C:\Program Files\Virtual DJ
C:\Program Files\VirtualDJ
C:\Program Files\VstPlugins
C:\Program Files\Winamp
C:\Program Files\Windows Live
C:\Program Files\Windows Media Bonus Pack for Windows XP
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\winstat
C:\Program Files\xerox
C:\Program Files\XviD
C:\Program Files\Yahoo!

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Adobe Systems Shared
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\FDEUnInstaller.exe
C:\program files\fichiers communs\Hewlett-Packard
C:\program files\fichiers communs\HP
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\LightScribe
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\mozilla.org
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\Nero
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\SolidDocuments
C:\program files\fichiers communs\Sony Ericsson Shared
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\Symantec Shared
C:\program files\fichiers communs\Synacast
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Teleca Shared

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 14:06:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
! EGDACCESS Possible !

D:\Autorun.inf

E:\Autorun.inf


--------------------[ Fin du rapport à 14:08:03,64 ]----------------------
26 November 2007 18:32:42

Re,

1/ Double-click the navilog1 shortcut.
Option 2, then confirm (Enter).
Follow the prompts.
Your computer will restart; if it does not, restart it manually.

Your desktop will disappear.

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Press a key as prompted; Notepad will open.
Save the report.
Close Notepad. Your desktop will now reappear.

If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer and confirm. This will bring your desktop back.


Start -> Control Panel -> Internet Options
Click the "Content" tab, then the "Certificates" tab, and if you find any of these, particularly under "Trusted Publishers":

electronic-group ; egroup ; Montorgueil ; VIP ; "Sunny Day Design Ltd"

~~> Delete them all <~~

Post the report you saved earlier (C:\cleannavi.txt)

2/ Download AVG Anti-Spyware. Install it.
If the link does not work: >Click here<
Launch AVG and run an update.
Click the Scan button (on the toolbar)
Then, on the "How to react" tab, click Recommended actions. Choose Quarantine.
Do not run a scan for now.
Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\
Launch AVG again.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder inside the AVG Anti-Spyware folder.
Post it here.
&
Still in Safe Mode, run clean again and choose option 2, then post the report.

3/ Download OTMoveIt >> Tutorial <<

Save it to the Desktop

Select the contents of the box below
D:\Autorun.inf
E:\Autorun.inf

Now launch OTMoveIt.
Make sure the unregister dll’s and ocx’s box is checked.
Two panes appear; right-click the left pane, then paste the contents of the box above.
And click MoveIt!

If the program asks you to restart, accept.

Post the report located in: C:\_OTMoveIt\MovedFiles\creation date!

NOTE: If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.
27 November 2007 10:23:31

So here is the report:

Clean Navipromo version 3.3.6 commencé le 27/11/2007 à 10:10:11,45

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180

Mode suppression automatique


*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\rzamqpg.dat réalisé avec succès !
Copie C:\WINDOWS\system32\rzamqpg.exe réalisé avec succès !
Copie C:\WINDOWS\system32\rzamqpg_nav.dat réalisé avec succès !
Copie C:\WINDOWS\system32\rzamqpg_navps.dat réalisé avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\rzamqpg.dat supprimé !
C:\WINDOWS\system32\rzamqpg.exe supprimé !
C:\WINDOWS\system32\rzamqpg_nav.dat supprimé !
C:\WINDOWS\system32\rzamqpg_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

C:\WINDOWS\prefetch\rzamqpg*.pf trouvé !
Copie C:\WINDOWS\prefetch\rzamqpg*.pf réalisé avec succès !
C:\WINDOWS\prefetch\rzamqpg*.pf supprimé !

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans C:\DOCUME~1\ARNAUD~1\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner ...suppression...
C:\WINDOWS\msskinner supprimé !


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\ARNAUD David\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ARNAUD David\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche, création sauvegardes et suppression Heuristique :


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 27/11/2007 à 10:13:42,75 ***

27 November 2007 12:02:32

the AVG report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 11:52:31 27/11/2007

+ Résultat de l'analyse:



C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\ARNAUD David\Cookies\arnaud david@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.


Fin du rapport

27 November 2007 12:03:22

Then the clean report:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 27/11/2007 a 11:54:49,56

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
27 November 2007 12:14:02

And finally:



File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File/Folder E:\Autorun.inf not found.
File/Folder not found.

Created on 11/27/2007 12:05:10

27 November 2007 14:36:15

Re,

Repeat the same procedure with OTMoveIt, then post the report and a new HijackThis
27 November 2007 15:22:15

OTMoveIt report:

File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File/Folder E:\Autorun.inf not found.
File/Folder not found.

Created on 11/27/2007 15:17:46


----------------------------------------------------------------------------------------

and the HijackThis report:



Logfile of HijackThis v1.99.1
Scan saved at 15:19:45, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator6\CheckNewUser.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



There you go. However, I cannot open my Task Manager; the PC tells me the administrator is denying me access, even though I am the admin on my PC !!!!!


Thanks for your help
27 November 2007 17:33:11

Re,


Download Killbox (tutorial)
Unzip it to your desktop.
Select the contents of the box below, then right-click - Copy
D:\Autorun.inf

Launch PocketKillBox, go to "File" then "Paste from Clipboard" (you will not see anything happen).
You can check in the drop-down menu that all the files are present.
Check the "Delete on reboot" box + "unregister dll before deleting" (this box may be greyed out if what was entered is not a dll)
Click "all files" and then the red cross
Answer yes to the messages that appear.
If the computer does not restart, restart it manually.
After the restart, launch Killbox again. Go to "File", then "Logs" and "Actions History Log".
Post the report.

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.

If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the rootkit tab.
On the right, check only Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and post its contents here.

27 November 2007 18:38:44

The Killbox report:



Pocket Killbox version 2.0.0.648
Running on Windows XP as ARNAUD David(Administrator)
was started @ mardi, novembre 27, 2007, 6:27 PM

# 1 [Delete on Reboot]
Path = D:\Autorun.inf


I Rebooted @ 6:29:31 PM
Killbox Closed(Exit) @ 6:29:41 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as ARNAUD David(Administrator)
was started @ mardi, novembre 27, 2007, 6:36 PM

27 November 2007 18:47:50

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-27 18:45:37
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.13 ----


---- EOF - GMER 1.0.13 ----


Here it is
27 November 2007 20:38:07

Re,

Let's check.
Redo the box with OTMoveIt and post me the report.
Then post a new HijackThis log.
28 November 2007 10:13:19

Hello,

So here is the OTMoveIt report:

File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File/Folder E:\Autorun.inf not found.
File/Folder not found.

Created on 11/28/2007 10:04:45
28 November 2007 10:14:40



Logfile of HijackThis v1.99.1
Scan saved at 10:13:47, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator6\CheckNewUser.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



Waiting for your instructions

Thanks
28 November 2007 10:46:33

We'll try a manual removal.

Go to My Computer > Tools > Folder Options > View > Show hidden files and folders. --> Apply --> OK

Go to My Computer > Tools > Folder Options > View > uncheck Hide protected operating system files. --> Apply --> OK
(Re-check it afterwards)

Delete D:\autorun.inf, and any other autorun.inf on other drives if you find any.

++++++++++++


Run HijackThis again, do a system scan only, and check these lines:
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Then Fix Checked!


Run an online antivirus scan at Kaspersky using Internet Explorer. (Tutorial)
Allow the ActiveX controls.
Click Start Online Scanner.
Select My Computer as the scan target. Save the report in .txt format.
Paste its report here.

Then post a new HijackThis log.
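
An added example, not part of any post in this thread: a small Python triage of HijackThis entries, run on lines copied from the logs on this page. The function names and the three rules (extra program in Shell=, "(no file)" entries, O7 policy locks) are assumptions made for illustration, not HijackThis's own logic.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A log entry is "<section code> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse(log_text):
    """Return (section_code, body) for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def shell_extras(body):
    """Return every token after Shell= that is not Explorer.exe itself."""
    match = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not match:
        return []
    tokens = re.split(r"[,\s]+", match.group(1).strip())
    return [t for t in tokens if t and t.lower() != "explorer.exe"]


def triage(log_text):
    """Return (code, kind, detail) for entries that deserve a manual review."""
    findings = []
    for code, body in parse(log_text):
        extras = shell_extras(body) if code in ("F0", "F2") else []
        if extras:
            # Something besides Explorer.exe is started as the logon shell.
            findings.append((code, "shell-extra", ", ".join(extras)))
        elif "(no file)" in body:
            # The registry entry points at a file that no longer exists.
            findings.append((code, "orphan", body))
        elif code == "O7":
            policy = re.search(r"(Disable\w+)=1", body)
            if policy:
                # A policy value is locking a Windows administration tool.
                findings.append((code, "policy-lock", policy.group(1)))
    return findings


if __name__ == "__main__":
    for code, kind, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{kind:<13}{detail}")
```

A finding is only a prompt to look at the entry: the helper's own list above also includes lines that none of these three rules match.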
28 November 2007 19:09:21

Excuse me, but before I do something stupid I wanted to ask:

Do I delete all the autorun.inf files?

Because, to begin with, I don't have one under D:\ since that's my CD drive, so I don't understand.

Then I ran a search and found 15 of them!
But they are in folders such as:

- C:\ Programme files\HP\Digital Imaging\........
- C:\ Programme files\offre wanadoo\...
- C:\ TOOLSCD\Display driver\ Intel

as well as files such as killbox, _otmovelt, ...
Etc ...

So should I delete all of them?

Sorry for the question, but I don't want to make a mistake!


Thanks for your reply!


28 November 2007 19:16:51

No, carry on with the rest ;)
28 November 2007 19:17:56

OK, thanks
29 November 2007 14:49:16

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 29, 2007 2:48:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/11/2007
Kaspersky Anti-Virus database records: 468065
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 70362
Number of viruses found: 3
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 01:47:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\Norton Internet Security\Norton AntiVirus\Quarantine\0B2E6E5F.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\All Users\Documents\Norton Internet Security\Norton AntiVirus\Quarantine\11E75CF9.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\All Users\Documents\Norton Internet Security\Norton AntiVirus\Quarantine\12591A7B.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\All Users\Documents\Norton Internet Security\Norton AntiVirus\Quarantine\6B217AC1.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\All Users\Documents\Norton Internet Security\Norton AntiVirus\Quarantine\6B836655.htt Infected: Trojan.VBS.Starter.a skipped
C:\Documents and Settings\ARNAUD David\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped
C:\Documents and Settings\ARNAUD David\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\ARNAUD David\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
C:\Documents and Settings\ARNAUD David\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\Documents and Settings\ARNAUD David\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Documents and Settings\ARNAUD David\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\ARNAUD David\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
C:\Documents and Settings\ARNAUD David\Bureau\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\ARNAUD David\Bureau\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\ARNAUD David\Bureau\clean.zip ZIP: infected - 1 skipped
C:\Documents and Settings\ARNAUD David\Bureau\Navilog1.exe/file7 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\ARNAUD David\Bureau\Navilog1.exe Inno: infected - 1 skipped
C:\Documents and Settings\ARNAUD David\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Historique\History.IE5\MSHist012007112920071130\index.dat Object is locked skipped
C:\Documents and Settings\ARNAUD David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ARNAUD David\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ARNAUD David\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010008.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP66\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{606ADD42-813A-4A51-9505-E9DF39A90C1C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
29 November 2007 14:51:49

Logfile of HijackThis v1.99.1
Scan saved at 14:51:39, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ARNAUD David\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator6\CheckNewUser.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

29 November 2007 15:01:24

Hi again,

It's clean. Still having problems?

Uninstall and delete all the software used for the disinfection, along with the corresponding folders they created. Keep CCleaner, AVG and AntiVir if we installed them.
Report your infection on Malware Complaints
Tutorial
Your infection: Egdaccess/Magic.control/Navipromo
29 November 2007 15:04:20

Here it is!
29 November 2007 15:17:41

Indeed, my PC is much less sluggish now! Thank you for that.

The only remaining problem is that I can't access my Task Manager!

Can you help me with that?

Thanks in advance
29 November 2007 15:25:55

Without wanting to take advantage of your kindness, of course!
29 November 2007 15:59:50

Hi again,

And after doing that?


Download ZebRestore
Unzip it. Open the folder and launch it by double-clicking the exe.
Check:
- RegEdit
- Run keys
- Shut Down button
- Windows Update
- Task Manager
- Control Panel
- Add/Remove Programs
- Policies
- Desktop
- IE repair
- File extensions
- Trusted and restricted sites
- Internet prefixes and protocols
- Reset Hosts file
Click Restore. Close the program.
29 November 2007 16:36:40

Thank you very much for everything!

I don't really know how to thank you!

David
29 November 2007 16:47:33

Is it working?
You're welcome, see you ;)
30 November 2007 09:48:11

I don't quite understand, since the second page of comments has disappeared!!!!

Anyway, no big deal. I just wanted to thank you for the help you gave me! Without it my PC would still be booting up right now!

I don't really know how to thank you!


Regards

David
30 November 2007 09:50:01

It just reappeared!!!! As if by magic!

Thanks again