Everything posted by toscabriane

  1. --> Take all the time you need, the PC is no longer infected and I have plenty to keep me busy until then! Thank you very much, see you later
  2. *** I hope you had a pleasant weekend... *** Yes thank you, I hope you did too. # Could you please run GMER again after uninstalling Securitoo (before installing AntiVir, if you haven't already installed it)? I'd like to check something... OK. Can you confirm that you are not getting intrusive ads / windows urging you to check your PC "for free"? At one time I had some, but not anymore. Talk to you soon, have a good evening
  3. 5) Click "Start", then "Run", and type "msconfig" without the quotation marks. Confirm with OK. ==> In the Startup tab, uncheck the following boxes (the name may be slightly different):
     [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
     [RTHDCPL] "RTHDCPL.EXE"
     [Alcmtr] "ALCMTR.EXE"
     [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
     [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
     [nwiz] nwiz.exe /install
     [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     Note: you can of course re-check the boxes if something stops working properly after this change.
     6) Click "Start", then "Run", and type "services.msc" without the quotation marks. Confirm with OK. Scroll down to the Service Bonjour (Bonjour Service) line, double-click it and, under "Startup", choose: DISABLED.
     7) Run HijackThis again and fix the following lines:
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
     O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
     O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O16 - DPF ==> all those that show sites you don't know or don't visit regularly.
     I wish you an excellent weekend,
     I did Run and relaunched HijackThis, thank you
  4. Sorry, I posted the report twice. OK, now I still have to cancel Securitoo and install your antivirus, AntiVir. Thank you for all this information, have a good weekend
  5. Hello Wawaseb. *** Sorry for the wait, I still have an enormous amount of work! *** It doesn't matter. I managed to run RootRepeal, report below:
     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2010/03/06 17:37
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP Media Center Edition SP3
     ==================================================
     Drivers
     -------------------
     Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB5D19000 Size: 98304 File Visible: No Signed: - Status: -
     Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA604000 Size: 8192 File Visible: No Signed: - Status: -
     Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB3514000 Size: 49152 File Visible: No Signed: - Status: -
     Hidden/Locked Files
     -------------------
Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\viviendelaye@hotmail.com\DFSR\Staging\CS{5289BC4D-CDB5-1EC6-2C1A-6B719FD39EC9}\93\993-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v993-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v993-Do

SSDT
-------------------
#: 047 Function Name: NtCreateProcess Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cacc6
#: 048 Function Name: NtCreateProcessEx Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cace0
#: 053 Function Name: NtCreateThread Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9e7c
#: 097 Function Name: NtLoadDriver Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca1ac
#: 108 Function Name: NtMapViewOfSection Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9bbc
#: 125 Function Name: NtOpenSection Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca5de
#: 192 Function Name: NtRenameKey Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cb87c
#: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca42e
#: 253 Function Name: NtSuspendProcess Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9a3c
#: 254 Function Name: NtSuspendThread Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9eb0
#: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca032
#: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9996
#: 258 Function Name: NtTerminateThread Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9af6
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9f76

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cc636

==EOF==

--> Yes, in Task Manager, if you manage to find which application is hogging the resources, that could help us fix your problem (but once again, there is a good chance that it is this ant

1) Go to Add/Remove Programs and uninstall everything related to the Orange kit / F-Secure / Antivirus Firewall.
2) Restart the machine.
3) Test the PC on official sites (long enough to see whether it still crashes).
4) Download and install the latest version of AntiVir.
5) Click "Start", then "Run", and type "msconfig" without the quotes. Confirm with OK.
==> In the Startup tab, uncheck the following boxes (the name may be slightly different)
[HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
[RTHDCPL] "RTHDCPL.EXE"
[Alcmtr] "ALCMTR.EXE"
[PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
[PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
[nwiz] nwiz.exe /install
[iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
[Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Note: you can of course re-check the boxes if something stops working after this change.
6) Click "Start", then "Run", and type "services.msc" without the quotes. Confirm with OK. Scroll down to the line Service Bonjour (Bonjour Service), double-click it and under "Startup type" choose: DISABLED.
7) Run HijackThis again, and fix the following lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
O16 - DPF ==> all those that show sites you do not know or do not visit regularly.

I wish you an excellent weekend,
  6. [ # Please post a HijackThis report so we can see what we can disable at startup.
     here is the report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 23:08:28, on 04/03/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\afasrv32.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
     C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE
     C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE
     C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Apps\Softex\OmniPass\Omniserv.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
     C:\Program Files\Canon\CAL\CALMAIN.exe
     C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
     C:\Apps\Softex\OmniPass\OPXPApp.exe
     C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe
     C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
     C:\Apps\Softex\OmniPass\scureapp.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
     C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\USBESTDI\iconcs80354875.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Logitech\MouseWare\system\em_exec.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE
     C:\WINDOWS\MHotkey.exe
     C:\WINDOWS\CDCtr.exe
     C:\APPS\SMP\SmpSys.exe
     C:\WINDOWS\ModHidKey.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
     C:\Program Files\Mozilla Thunderbird\thunderbird.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\robert\Bureau\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?referrer=ign_n
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
     O1 - Hosts: ÿþ127.0.0.1 localhost
     O1 - Hosts: ::1 localhost
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
     O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)
     O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll
     O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
     O4 - HKLM\..\Run: [OmniPass] "C:\Apps\Softex\OmniPass\scureapp.exe"
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
     O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
     O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
     O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
     O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
     O4 - HKLM\..\Run: [synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon
     O4 - HKLM\..\Run: [LchMHotkey] LchMHKey.exe
     O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [uSBestCR] C:\Program Files\USBESTDI\iconcs80354875.exe RunFromReg
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash
     O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
     O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MailNotifier] C:\Program Files\Orange\MailNotifier\MailNotifier.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
     O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
     O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
     O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.fr/s/v/57.09/uploader2.cab
     O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/30.61/uploader2.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://joellerobert3.spaces.live.com//Phot...ad/MsnPUpld.cab
     O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - http://logicielsgratuits.orange.fr/downloa...geInstaller.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://joellerobert3.spaces.live.com/Photo...ad/MsnPUpld.cab
     O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfi...fig_4_0_1_3.cab
     O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
     O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab
     O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
     O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.securitoo.com/ols/fscax.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\WINDOWS\system32\afasrv32.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
     O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
     O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE
     O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe
     O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
     O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     -- End of file - 15782 bytes
  7. [ --> Were you getting these crashes without an antivirus?
     I didn't stay long without an antivirus, I put it back right away
     Here are other questions I hadn't seen an answer to:
     --> Even when ticking the "Show updates" box, you don't see Spy Sweeper Core?
     no, I don't see it
     --> Were all the other programs completely closed?
     yes
     --> When it asks you to wait, what does Task Manager (CTRL + ALT + DEL) say? Do you see a process that takes more memory or uses more CPU (percentage)?
     I didn't pay attention - should I do it again
     --> If you rename Rootrepeal.exe to toto.exe before launching it, is your problem the same?
     yes
     --> Do you have other problems with this PC?
     no, I don't have any other problems
     --> We are in fact discussing it with a few colleagues. Besides the more than relative effectiveness of this product, certain sales practices seem to frighten users in order to sell it (I am Belgian). I had recommended AntiVir to you, free and lighter...
     ok, I will install AntiVir
     --> Did you also deal with this file and its entries manually?
     no, I didn't do anything
     # Please post a HijackThis report so we can see what we can disable at startup.
     Talk soon,
  8. I haven't cancelled the CLSIDs either
  9. --> Had you backed up the registry before these manipulations? no, not at all.
  10. [although these remnants are probably inactive, you must of course remove the detections. I deleted everything that was called hotbar by: running regedit and searching for hotbar
  11. Once again, I am not a mind reader, it would be easier for me if you answered my questions. ? are there any unanswered questions, I don't see any... if you can rephrase them, thanks in advance
  12. [ How is your machine running? it runs fairly well in general, but sometimes I have programs that freeze, I do Ctrl+Alt+Del and End Task and it starts working again
  13. still there to help me? I ran another scan with Malwarebytes:

      Malwarebytes' Anti-Malware 1.44
      Version de la base de données: 3808
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      01/03/2010 09:53:12
      mbam-log-2010-03-01 (09-53-03).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|G:\|)
      Eléments examinés: 325071
      Temps écoulé: 1 hour(s), 17 minute(s), 1 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 7

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> No action taken.

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1161\A0324201.exe (Malware.Packer.Gen) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> No action taken.
      C:\Documents and Settings\robert\Application Data\SYSTEM32.dll (Trojan.Agent) -> No action taken.

      I still have infected files!
  14. All processes killed
      ========== PROCESSES ==========
      ========== FILES ==========
      C:\WINDOWS\system32\drivers\sshrmd.sys moved successfully.
      C:\WINDOWS\system32\drivers\ssfs0bbc.sys moved successfully.
      C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.
      C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.
      C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.
      C:\Program Files\Viewpoint\Viewpoint Experience Technology folder moved successfully.
      C:\Program Files\Viewpoint folder moved successfully.
      c:\Documents and Settings\robert\Application Data\Simply Super Software\Trojan Remover folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\var folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\log folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\Net\DNS\RR folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\Net\DNS\Resolver folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\Net\DNS folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\Net folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\HTML folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\auto\Net\DNS folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\auto\Net folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\auto\HTML\Parser folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\auto\HTML folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\auto folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\HTML folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\File folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\auto\HTML\Parser folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\auto\HTML folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\auto\File\Glob folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\auto\File folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3\auto folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib\5.8.3 folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\dlib folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control\aspam folder moved successfully.
      C:\Program Files\AntivirusFirewall\Spam Control folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS\litmus-ff@f-secure.com\skin\small folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS\litmus-ff@f-secure.com\skin\bp folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS\litmus-ff@f-secure.com\skin folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS\litmus-ff@f-secure.com folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS\blocked\image folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS\blocked folder moved successfully.
      C:\Program Files\AntivirusFirewall\NRS folder moved successfully.
      C:\Program Files\AntivirusFirewall\FWES\program folder moved successfully.
      C:\Program Files\AntivirusFirewall\FWES\logs folder moved successfully.
      C:\Program Files\AntivirusFirewall\FWES folder moved successfully.
      C:\Program Files\AntivirusFirewall\FSGUI folder moved successfully.
      C:\Program Files\AntivirusFirewall\Common\custom folder moved successfully.
      C:\Program Files\AntivirusFirewall\Common folder moved successfully.
      C:\Program Files\AntivirusFirewall\Anti-Virus\dbbackup\fsgkhs folder moved successfully.
      C:\Program Files\AntivirusFirewall\Anti-Virus\dbbackup folder moved successfully.
      C:\Program Files\AntivirusFirewall\Anti-Virus folder moved successfully.
      C:\Program Files\AntivirusFirewall folder moved successfully.
      C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
      ========== COMMANDS ==========
      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYTEMP]

      User: Administrateur
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: All Users

      User: carolel
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: LocalService
      ->Temp folder emptied: 115348 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Java cache emptied: 25493626 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 49286 bytes

      User: robert
      ->Temp folder emptied: 1127076892 bytes
      ->Temporary Internet Files folder emptied: 71812081 bytes
      ->Java cache emptied: 12118713 bytes
      ->Apple Safari cache emptied: 1248193 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 19569 bytes
      %systemroot%\System32 .tmp files removed: 33829376 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 297226 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 34428514 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 4413356 bytes
      RecycleBin emptied: 5213068865 bytes

      Total Files Cleaned = 6 222,00 mb

      OTM by OldTimer - Version 3.1.9.0 log created on 02242010_083806

      Files moved on Reboot...

      Registry entries deleted on Reboot...
  15. no, even with show updates I don't see anything, well, I'll start by uninstalling my antivirus and begin your procedure ok I'm not going to any site thanks have a good day
  16. for the Securitoo antivirus, I don't have a disc, but it can be downloaded from Orange's site. good evening
  17. yes, very good holidays, thank you for the paper clip, I tried it and it works, so I will try to take off the front panel to see whether the contact is actually being made. In Add/Remove Programs, I don't have Spy Sweeper, however in "Start, Search" I have Spy Sweeper in c:\documents and setting, can I cancel it from there? I'm waiting for your answer before doing it thanks
  18. hello yes I spent a week on holiday in Carcassonne, Narbonne and visited a few castles as well as the museum of Abbé Saunière (out of curiosity regarding the Da Vinci Code book) yes I would like to clean up my computer, I'm not going away this week. have a good weekend and thanks
  19. yes I had indeed disabled my antivirus, all programs were closed. I couldn't do Ctrl+Alt+Del, the computer was frozen, so I shut it down with the button on the tower, and I didn't relaunch Rootrepeal, nor Gmer, which is why I went directly through Diaghelp. thanks again for helping me