
Posted

Good evening toscabriane,

*** I hope you are having a pleasant end of the week... *** :P

run regedit, search for hotbar

--> Had you backed up the registry before making these changes? Did you also delete any associated CLSIDs?

--> The registry editor is as handy as it is dangerous; one wrong edit can cause exactly the problems you are seeing... :P

if you can rephrase them, thanks in advance

--> Were you getting these crashes without an antivirus?

Here are other questions I had not seen an answer to:

--> Even with the "Show updates" box ticked, you don't see Spy Sweeper Core?

--> Were all the other programs completely closed?

--> When it asks you to wait, what does Task Manager (CTRL + ALT + DEL) show? Do you see a process using more memory or more CPU (percentage)?

--> If you rename Rootrepeal.exe to toto.exe before launching it, do you get the same problem?

--> Do you have any other problems with this PC?

yes, for now I have put Sécuritoo by F-Secure back

--> We were just discussing this with a few colleagues. Besides the more than questionable effectiveness of this product, some of the sales tactics seem designed to scare users into buying it (I'm Belgian). I had recommended AntiVir, free and lighter... :P

C:\Documents and Settings\robert\Application Data\SYSTEM32.dll (Trojan.Agent) -> No action taken.

--> Did you deal with this file and its entries manually as well?

# Please post a HijackThis log so we can see what can be disabled at startup.

Looking forward to your reply,

Posted

--> Were you getting these crashes without an antivirus?

I didn't stay long without an antivirus, I put it back straight away.

Here are other questions I had not seen an answer to:

--> Even with the "Show updates" box ticked, you don't see Spy Sweeper Core?

no, I don't see it

--> Were all the other programs completely closed?

yes

--> When it asks you to wait, what does Task Manager (CTRL + ALT + DEL) show? Do you see a process using more memory or more CPU (percentage)?

I didn't pay attention. Should I do it again?

--> If you rename Rootrepeal.exe to toto.exe before launching it, do you get the same problem? yes

--> Do you have any other problems with this PC?

no, I have no other problems

--> We were just discussing this with a few colleagues. Besides the more than questionable effectiveness of this product, some of the sales tactics seem designed to scare users into buying it (I'm Belgian). I had recommended AntiVir, free and lighter... :P

ok, I will install AntiVir

--> Did you deal with this file and its entries manually as well?

no, I did nothing

# Please post a HijackThis log so we can see what can be disabled at startup.

Looking forward to your reply,

Posted

# Please post a HijackThis log so we can see what can be disabled at startup.

here is the log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:08:28, on 04/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\afasrv32.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE

C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Apps\Softex\OmniPass\scureapp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\USBESTDI\iconcs80354875.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE

C:\WINDOWS\MHotkey.exe

C:\WINDOWS\CDCtr.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\ModHidKey.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\robert\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?referrer=ign_n

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run

O4 - HKLM\..\Run: [OmniPass] "C:\Apps\Softex\OmniPass\scureapp.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"

O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"

O4 - HKLM\..\Run: [synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon

O4 - HKLM\..\Run: [LchMHotkey] LchMHKey.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [uSBestCR] C:\Program Files\USBESTDI\iconcs80354875.exe RunFromReg

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MailNotifier] C:\Program Files\Orange\MailNotifier\MailNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.fr/s/v/57.09/uploader2.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/30.61/uploader2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://joellerobert3.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - http://logicielsgratuits.orange.fr/downloa...geInstaller.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://joellerobert3.spaces.live.com/Photo...ad/MsnPUpld.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfi...fig_4_0_1_3.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.securitoo.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\WINDOWS\system32\afasrv32.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 15782 bytes

Posted

Hello toscabriane,

*** Sorry for the wait, I still have an enormous amount of work! ***

I didn't stay long without an antivirus, I put it back straight away.

--> The whole point of the exercise was to test your machine without this F-Secure... which is practically imposed by your ISP.

I didn't pay attention. Should I do it again?

--> Yes. If, in Task Manager, you manage to find which application is monopolising the resources, that could help us fix your problem (but once again, there is a good chance it is this antivirus).

1) Go to Add/Remove Programs and uninstall everything relating to the Orange kit / F-Secure / Antivirus Firewall.

2) Restart the machine.

3) Test the PC on official sites (long enough to see whether it still crashes).

4) Download and install the latest version of AntiVir.

5) Click "Start", then "Run", and type msconfig without quotes. Confirm with OK.

==> In the Startup tab, untick the following boxes (the name may differ slightly)

  • [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  • [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  • [RTHDCPL] "RTHDCPL.EXE"
  • [Alcmtr] "ALCMTR.EXE"
  • [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
  • [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
  • [nwiz] nwiz.exe /install
  • [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  • [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  • [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  • [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  • [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Note: you can of course re-tick the boxes if something stops working after this change. :P

6) Click "Start", then "Run", and type services.msc without quotes. Confirm with OK.

Scroll down to the line Service Bonjour (Bonjour Service), double-click it and set "Startup type" to DISABLED.

7) Relaunch HijackThis and fix the following lines:

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  • R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
  • O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
  • O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
  • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
  • O16 - DPF ==> all of those pointing to sites you do not know or do not visit regularly.

Have a great weekend,

:P
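Added here as an illustration of the triage the post above performs by hand; this is example code, not code from the thread or from HijackThis itself. It parses HijackThis log lines, lists the entries whose target file is gone ("(no file)" / "(file missing)", the dead registry references the post tells the user to fix), groups O16 DPF entries (ActiveX controls Internet Explorer downloaded) by source host so unfamiliar sites stand out, and extracts O4 autostart entries so they can be matched against the msconfig list. The embedded sample is a constructed excerpt of lines already posted in this thread; the function and constant names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: an excerpt of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
# HijackThis appends these when the registry still points at a file that no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# O4 registry form: "HKLM\..\Run: [name] command"; the hive part may carry a SID (HKUS\S-1-5-18).
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder form: "Global Startup: shortcut.lnk = target"
FOLDER_RE = re.compile(r"^(?P<folder>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into entries; the header and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body"), "raw": line})
    return entries


def orphaned_entries(entries):
    """Entries whose target file is gone: dead hooks, toolbars and buttons that are safe to fix."""
    return [e["raw"] for e in entries if e["body"].endswith(ORPHAN_MARKERS)]


def dpf_hosts(entries):
    """O16 entries (Downloaded Program Files, i.e. ActiveX controls) grouped by download host."""
    by_host = {}
    for e in entries:
        if e["kind"] != "O16":
            continue
        url = e["body"].rsplit(" - ", 1)[-1]  # the download URL is the last " - " field
        host = urlsplit(url).netloc.lower() or "(local) " + url  # file:// URLs have no host
        by_host.setdefault(host, []).append(e["raw"])
    return by_host


def startup_entries(entries):
    """O4 autostart entries as hive/key/name/command dicts, to cross-check with msconfig."""
    result = []
    for e in entries:
        if e["kind"] != "O4":
            continue
        m = RUN_RE.match(e["body"])
        if m:
            result.append({"hive": m.group("hive"), "key": m.group("key"),
                           "name": m.group("name"), "command": m.group("cmd")})
            continue
        m = FOLDER_RE.match(e["body"])
        if m:
            result.append({"hive": m.group("folder"), "key": "folder",
                           "name": m.group("name"), "command": m.group("cmd")})
    return result


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print("Dead references (fix in HijackThis):")
    for line in orphaned_entries(entries):
        print("  ", line)
    print("O16 download sources (review unfamiliar hosts):")
    for host, lines in sorted(dpf_hosts(entries).items()):
        print("  ", host, "-", len(lines), "control(s)")
    print("Autostart entries (compare with the msconfig list):")
    for s in startup_entries(entries):
        print("  ", s["hive"], "|", s["name"], "->", s["command"])
```

Run it against a full log by reading the file into `parse_hjt` instead of `SAMPLE_LOG`. The orphan test relies on HijackThis' own "(no file)" / "(file missing)" suffixes, so it flags only what the tool already verified as absent from disk; the O16 grouping does not judge a host, it only makes the list short enough for the user to answer "do I know this site?" as the post asks.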

Posted

Hello Wawaseb

*** Sorry for the wait, I still have an enormous amount of work! ***

that's no problem

I managed to launch RootRepeal

log below


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/03/06 17:37

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

 

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB5D19000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA604000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB3514000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\robert\Local Settings\Apps\2.0\RH1PP7DY.LX1\ZN7JJKOM.KQB\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\robert\Local Settings\Apps\2.0\RH1PP7DY.LX1\ZN7JJKOM.KQB\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\brigitteavena@hotmail.fr\DFSR\Staging\CS{D49689E6-97DB-01B1-362A-26E05A82C818}\52\352-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v352-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v352-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\32\932-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\38\938-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v938-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v938-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\39\939-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v939-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v939-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\84\484-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\85\485-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\lugdivine13@hotmail.fr\DFSR\Staging\CS{73F91CE2-C535-0C05-AAAA-1A5E90FBB8AE}\03\603-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\01\129-{E~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\08\128-{E~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\09\126-{E~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\10\127-{E~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\12\112-{E~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\44\142-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\47\747-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v747-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v747-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\48\748-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v748-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v748-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\62\762-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v762-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v762-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\63\763-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v763-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v763-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\65\265-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v265-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v265-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\67\367-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v367-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v367-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\75\375-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v375-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v375-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\09\809-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v809-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v809-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\10\810-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v810-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v810-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\11\811-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v811-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v811-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\12\812-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v812-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v812-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\13\813-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v813-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v813-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\14\814-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v814-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v814-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\15\815-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v815-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v815-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\19\819-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v819-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v819-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\26\826-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v826-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v826-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\28\828-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v828-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v828-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\29\829-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v829-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v829-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\38\838-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v838-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v838-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\41\841-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v841-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v841-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\pascalgueno55@hotmail.fr\DFSR\Staging\CS{4EC79F05-6D6A-CB20-A933-62C0BE2B5F76}\44\844-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v844-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v844-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\patetine@msn.com\DFSR\Staging\CS{758A4FDE-6A6F-F55D-AF2A-133705A3F85C}\07\64-{F3~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\patetine@msn.com\DFSR\Staging\CS{758A4FDE-6A6F-F55D-AF2A-133705A3F85C}\56\556-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\patetine@msn.com\DFSR\Staging\CS{758A4FDE-6A6F-F55D-AF2A-133705A3F85C}\77\577-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\psycotaz31@hotmail.com\DFSR\Staging\CS{949C4341-5BE6-4522-F2AC-CB1105773A6A}\13\1013-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1013-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1013-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\psycotaz31@hotmail.com\DFSR\Staging\CS{949C4341-5BE6-4522-F2AC-CB1105773A6A}\14\1014-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1014-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1014-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\psycotaz31@hotmail.com\DFSR\Staging\CS{949C4341-5BE6-4522-F2AC-CB1105773A6A}\15\1015-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1015-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1015-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\00\967-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\01\968-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\02\969-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\03\970-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\04\977-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\05\972-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\06\973-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\12\980-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\14\914-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v914-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v914-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\15\915-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v915-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v915-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\21\921-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v921-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v921-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\22\622-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v622-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v622-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\22\922-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v922-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v922-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\23\623-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v623-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v623-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\24\624-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v624-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v624-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\25\625-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v625-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v625-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\26\626-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v626-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v626-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\27\627-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v627-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v627-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\28\628-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v628-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v628-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\29\629-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v629-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v629-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\30\630-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v630-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v630-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\31\631-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v631-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v631-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\32\632-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v632-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v632-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\33\633-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\81\948-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\82\949-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\97\964-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\98\965-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\purple_shadow16@hotmail.com\DFSR\Staging\CS{73EDA22B-8A67-2D03-DCB2-F6BA29A03095}\99\966-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\tifouine@msn.com\DFSR\Staging\CS{E8D21513-D7F7-38CB-2289-DEA052B2D287}\80\580-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\tonykarine@hotmail.com\DFSR\Staging\CS{11A83F19-B89F-E22E-4DB1-C48C90C7164A}\64\570-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\tonykarine@hotmail.com\DFSR\Staging\CS{11A83F19-B89F-E22E-4DB1-C48C90C7164A}\64\572-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\tonykarine@hotmail.com\DFSR\Staging\CS{11A83F19-B89F-E22E-4DB1-C48C90C7164A}\74\574-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\viviendelaye@hotmail.com\DFSR\Staging\CS{5289BC4D-CDB5-1EC6-2C1A-6B719FD39EC9}\11\1011-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1011-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v1011-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\viviendelaye@hotmail.com\DFSR\Staging\CS{5289BC4D-CDB5-1EC6-2C1A-6B719FD39EC9}\93\993-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v993-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v993-Do

SSDT

-------------------

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cacc6

 

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cace0

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9e7c

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca1ac

 

#: 108 Function Name: NtMapViewOfSection

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9bbc

 

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca5de

 

#: 192 Function Name: NtRenameKey

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cb87c

 

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca42e

 

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9a3c

 

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9eb0

 

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca032

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9996

 

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9af6

 

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9f76

 

Shadow SSDT

-------------------

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cc636

 

==EOF==

 

--> Yes, in the Task Manager, if you manage to find which application is monopolising the resources, that could help us fix your problem (but once again, there is a good chance that it is this ant

 

1) Go to Add/Remove Programs and uninstall everything related to the Orange / F-Secure / Antivirus Firewall kit.

 

 

2) Restart the machine.

 

 

3) Test the PC on official sites (long enough to see whether it still crashes).

 

 

4) Download and install the latest version of AntiVir.

 

 

5) Click "Start", then "Run", and type "msconfig" without the quotes. Confirm with OK.

==> In the Startup tab, untick the following boxes (the names may differ slightly):

 

  • [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  • [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  • [RTHDCPL] "RTHDCPL.EXE"
  • [Alcmtr] "ALCMTR.EXE"
  • [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
  • [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
  • [nwiz] nwiz.exe /install
  • [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  • [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  • [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  • [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  • [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Note: you can of course tick the boxes again if something stops working after this change. :P

 

 

6) Click "Start", then "Run", and type "services.msc" without the quotes. Confirm with OK.

 

Scroll down to the line Bonjour Service (Service Bonjour), double-click it and, under "Startup type", choose DISABLED.

 

 

7) Run HijackThis again and fix the following lines:

 

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  • R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
  • O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
  • O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
  • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
  • O16 - DPF ==> all those that show sites you do not know or do not visit regularly.

 

 

I wish you an excellent weekend,

:P
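
The reading of the RootRepeal report that the advice above rests on (every SSDT and Shadow SSDT hook belongs to one driver, fshs.sys from the HIPS of the suite being removed, and the "hidden" entries are Messenger sharing-metadata streams rather than rootkit files) can be checked by script instead of by eye. The following Python summariser is an added example for this thread; it is not part of RootRepeal or of either poster's messages. The report excerpt embedded in it is constructed from lines posted above with the long paths shortened, and the allow-list of trusted hooking modules is an assumption the analyst supplies.

```python
# Added example: summarise a RootRepeal report (which modules hook the SSDT, what is
# hidden or locked). Not part of RootRepeal or of the original posts in this thread.
import re
from collections import Counter, defaultdict

# Excerpt constructed from the report posted in this thread (long paths shortened).
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\robert\Local Settings\Apps\2.0\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\SharingMetadata\DFSR\Staging\352-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cacc6

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca1ac

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9f76

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cc636

==EOF==
"""

HOOK_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)')
HOOKED_BY_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')
PATH_RE = re.compile(r'^Path:\s*(.+?)\s*$')
STATUS_RE = re.compile(r'^Status:\s*(.+?)\s*$')

def parse_report(text):
    """Return {'hooks': [...], 'files': [...]}. A section heading is any line that is
    immediately followed by a dashed rule, so sections absent from a scan are harmless."""
    lines = text.splitlines()
    section, pending = None, None
    hooks, files = [], []
    for i, raw in enumerate(lines):
        line = raw.strip()
        if i + 1 < len(lines) and lines[i + 1].startswith('-------'):
            section, pending = line, None      # new section; drop any half-read entry
            continue
        if section in ('SSDT', 'Shadow SSDT'):
            m = HOOK_RE.match(line)
            if m:                               # "#: 047 Function Name: NtCreateProcess"
                pending = {'table': section, 'index': int(m.group(1)), 'function': m.group(2)}
                continue
            m = HOOKED_BY_RE.match(line)
            if m and pending is not None:       # 'Status: Hooked by "<module>" at address 0x..'
                pending.update(module=m.group(1), address=int(m.group(2), 16))
                hooks.append(pending)
                pending = None
        elif section == 'Hidden/Locked Files':
            m = PATH_RE.match(line)
            if m:
                pending = {'path': m.group(1)}
                continue
            m = STATUS_RE.match(line)
            if m and pending is not None:
                pending['status'] = m.group(1)
                files.append(pending)
                pending = None
    return {'hooks': hooks, 'files': files}

def hooks_by_module(report):
    """Group hooked function names by the module that installed the hook."""
    grouped = defaultdict(list)
    for h in report['hooks']:
        grouped[h['module']].append(h['function'])
    return dict(grouped)

def unexpected_hooks(report, trusted_modules):
    """Hooks by a driver absent from the analyst-supplied allow-list (file name, case-insensitive)."""
    trusted = {t.lower() for t in trusted_modules}
    return [h for h in report['hooks'] if h['module'].rsplit('\\', 1)[-1].lower() not in trusted]

def is_alternate_data_stream(path):
    """True when the path names an NTFS alternate data stream (a ':' after the drive colon)."""
    return ':' in path[2:]

def file_status_counts(report):
    """Count hidden/locked entries per RootRepeal status string."""
    return Counter(f['status'] for f in report['files'])

if __name__ == '__main__':
    rep = parse_report(SAMPLE_REPORT)
    for module, funcs in hooks_by_module(rep).items():
        print(f'{len(funcs)} hooks by {module}: {", ".join(funcs)}')
    print('hooks outside allow-list:', [h['function'] for h in unexpected_hooks(rep, ['fshs.sys'])])
    print('hidden/locked:', dict(file_status_counts(rep)),
          'of which ADS:', sum(is_alternate_data_stream(f['path']) for f in rep['files']))
```

Run against the full report pasted in the thread, the grouping shows a single hooking module; a second module appearing in `unexpected_hooks` once the suite is uninstalled would be the point at which the "known HIPS" explanation stops holding and a closer look is warranted. The `:{guid}.XPRESS` entries are flagged as alternate data streams because the colon after the `.frx` name is the NTFS stream separator, which is why a scanner can see them through the API without finding a separate file on disk.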

Posted

Hello Wawaseb

 

*** Sorry for the wait, I still have a huge amount of work! ***

 

That's no problem.

 

I managed to launch RootRepeal.

 

 

Report below:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/03/06 17:37

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

 

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB5D19000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA604000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB3514000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\robert\Local Settings\Apps\2.0\RH1PP7DY.LX1\ZN7JJKOM.KQB\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\robert\Local Settings\Apps\2.0\RH1PP7DY.LX1\ZN7JJKOM.KQB\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\brigitteavena@hotmail.fr\DFSR\Staging\CS{D49689E6-97DB-01B1-362A-26E05A82C818}\52\352-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v352-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v352-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\32\932-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\38\938-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v938-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v938-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\39\939-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v939-{F3E9B610-DB8B-4F55-9E22-F297AAB788A9}-v939-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\84\484-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\coccinelle.84@hotmail.fr\DFSR\Staging\CS{B3500862-43EE-2E99-A745-FAFA5D068036}\85\485-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\lugdivine13@hotmail.fr\DFSR\Staging\CS{73F91CE2-C535-0C05-AAAA-1A5E90FBB8AE}\03\603-{F~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\robert\Local Settings\Application Data\Microsoft\Messenger\joellerobert3@hotmail.com\SharingMetadata\mymylilou84@hotmail.fr\DFSR\Staging\CS{117D4182-E0AA-CE70-1D2E-112889B218B6}\01\129-{E~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

SSDT

-------------------

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cacc6

 

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cace0

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9e7c

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca1ac

 

#: 108 Function Name: NtMapViewOfSection

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9bbc

 

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca5de

 

#: 192 Function Name: NtRenameKey

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cb87c

 

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca42e

 

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9a3c

 

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9eb0

 

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2ca032

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9996

 

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9af6

 

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2c9f76

 

Shadow SSDT

-------------------

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cc636

 

==EOF==
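As an added example (not from the thread, its poster, or RootRepeal's authors), a small Python triage of a report in the layout above: it groups the SSDT and Shadow SSDT hooks by the module that placed them, keeps hooks from a driver whose full path you know is installed (here the HIPS driver path shown in the log) apart from anything else that needs a look, and separates "not on disk" entries whose path carries an NTFS alternate-data-stream name, like the `:{...}.XPRESS` suffixes in the log, from plain paths that are really missing. The sample report, the section header name, the addresses, the e-mail addresses and the EXAMPLE-unknown.sys entries are constructed; Python 3.8 or later is assumed.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in RootRepeal's report layout: the HIPS driver path and the
# :{GUID}.XPRESS suffix mirror the thread's log; addresses and EXAMPLE-unknown.sys are made up.
SAMPLE_REPORT = r"""
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\a@example.com\SharingMetadata\b@example.com\DFSR\Staging\CS{00000000-0000-0000-0000-000000000000}\08\128-{E~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.
Path: C:\WINDOWS\system32\drivers\EXAMPLE-unknown.sys
Status: Visible to the Windows API, but not on disk.
SSDT
-------------------
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cacc6
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\EXAMPLE-unknown.sys" at address 0xf8a1c000
Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0xba2cc636
==EOF==
"""

PATH_RE = re.compile(r"^Path:\s*(?P<path>.+)$")
HOOK_RE = re.compile(r"^#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\S+)")
HOOKED_RE = re.compile(r'^Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9A-Fa-f]+)')
STATUS_RE = re.compile(r"^Status:\s*(?P<status>.+)$")

def split_stream(path):
    """Split 'C:\\dir\\file:stream' into (file, stream); a colon after the drive is ADS syntax."""
    drive, rest = ntpath.splitdrive(path)
    if ":" not in rest:
        return path, None
    base, _, stream = rest.rpartition(":")
    return drive + base, stream

def parse_report(text):
    """Return {'hidden': [...], 'hooks': [...]}. A section is named by the line above
    a run of dashes; each entry is a Path: or #: line followed by its Status: line."""
    hidden, hooks = [], []
    section, pending, last = None, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"-{5,}", line):
            section = last  # the line above the dashes names the section
            continue
        last = line
        if m := PATH_RE.match(line):
            path, stream = split_stream(m["path"].strip())
            pending = {"section": section, "path": path, "stream": stream, "status": None}
            hidden.append(pending)
        elif m := HOOK_RE.match(line):
            pending = {"table": section, "index": int(m["index"]), "function": m["func"],
                       "module": None, "address": None}
            hooks.append(pending)
        elif (m := HOOKED_RE.match(line)) and pending and "function" in pending:
            pending["module"], pending["address"] = m["module"], int(m["addr"], 16)
        elif (m := STATUS_RE.match(line)) and pending and "path" in pending:
            pending["status"] = m["status"].strip()
    return {"hidden": hidden, "hooks": hooks}

def triage(report, trusted_modules):
    """Group hooks by hooking module (trusted full path vs. needs review) and split
    hidden-file entries into alternate data streams and paths genuinely missing on disk."""
    trusted = {p.lower() for p in trusted_modules}
    by_module = defaultdict(list)
    for h in report["hooks"]:
        by_module[h["module"]].append(h["function"])
    result = {"trusted": {}, "review": {}, "ads_streams": [], "missing_paths": []}
    for module, funcs in by_module.items():
        bucket = "trusted" if module and module.lower() in trusted else "review"
        result[bucket][module] = sorted(funcs)
    for entry in report["hidden"]:
        if entry["stream"]:
            result["ads_streams"].append((entry["path"], entry["stream"]))
        else:
            result["missing_paths"].append(entry["path"])
    return result

# Constructed allow-list: match on the full driver path as reported, never on the bare file name.
TRUSTED_MODULES = [r"C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys"]

if __name__ == "__main__":
    t = triage(parse_report(SAMPLE_REPORT), TRUSTED_MODULES)
    for module, funcs in t["review"].items():
        print("REVIEW hooks from", module, "->", ", ".join(funcs))
    for path, stream in t["ads_streams"]:
        print("ADS, not a missing file:", ntpath.basename(path), "stream", stream)
```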

Posted

Sorry, I posted the report twice.

Well, now I just have to cancel Sécuritoo and install your antivirus, AntiVir.

Thanks for all this information.

Have a good weekend.

Posted


 

5) Click "Start", then "Run" and type msconfig without quotes. Confirm with OK.

==> In the Startup tab, untick the following boxes (the name may be slightly different):

 

  • [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
  • [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  • [RTHDCPL] "RTHDCPL.EXE"
  • [Alcmtr] "ALCMTR.EXE"
  • [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
  • [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
  • [nwiz] nwiz.exe /install
  • [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  • [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  • [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  • [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  • [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Note: you can of course tick the boxes again if something stops working after this change. :P

 

 

6) Click "Start", then "Run" and type services.msc without quotes. Confirm with OK.

Scroll down to the line Service Bonjour (Bonjour Service), double-click it and under "Startup" choose: DISABLED.

 

 

7) Relaunch HijackThis and fix the following lines:

 

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  • R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
  • O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
  • O3 - Toolbar: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - (no file)
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
  • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (file missing)
  • O16 - DPF ==> all of those that point to sites you do not know or do not visit regularly.

 

 

I wish you an excellent weekend,

 

 

 

 

I ran it and relaunched HijackThis.

Thanks
