Mal/heuri-e... Mal/ofbus-A... Troj/Busky-gen

Reuyap (Member, 30 posts)

Hello,

Mal/heuri-e... Mal/ofbus-A... Troj/Busky-gen (this is what Spy Sweeper finds when I run a full scan)

Spy Sweeper tells me it managed to deal with the (Troj Busky-gen) and put it in quarantine, but not the two (Mal); however, the trojan comes back after I restart my PC, and I get a message saying it cannot put Mal/heuri-e and Mal/ofbus-A in quarantine.
This has been going on for days, I'm getting nowhere and my PC is extremely slow :(( please help me! Thanks in advance.

I ran a HijackThis scan, since it seems this tool is great and indispensable here, and I'm posting the result:

Logfile of HijackThis v1.99.1
Scan saved at 01:01:20, on 2007-10-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\JEAN-M~1\SAUVEG~1\SAUV~1.BEL\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.250.145.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0DFD8F30-0C46-E79A-B048-93D5BF3D94A4} - SAPSTR.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?58abea2839d149c6a945c98ff1fddd4a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?58abea2839d149c6a945c98ff1fddd4a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D1B5118-3443-43EF-A3D2-148DD05A02C7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A2EC58-1B20-4221-B4B1-BE24C7A93743}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA641A12-2A06-4258-A899-391029DDE196}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.153 85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

60 replies

Reuyap (Member, 30 posts)

Hello again,

Sorry for not answering sooner, I was working. In fact there's no change... and yes, I restarted and ran HijackThis afterwards.

My PC is still just as slow and I get a kind of scrolling that isn't smooth at all in every window I use; I have the impression the viruses are still there :(

I think I'm going to try running an AntiVir scan again... =/

I'm used to my cases being hopeless... lol

photomaton (Member, 7 posts)

Thanks for the info

I followed the link, it's done

Sorry again for making a mess of the conversation

See you

Reuyap (Member, 30 posts)

Hello again, no results with AntiVir, except a few warnings, but I couldn't do anything more... nothing to delete. I'm sending you my HijackThis again... I don't really know what to do next :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:42, on 2007-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?58abea2839d149c6a945c98ff1fddd4a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?58abea2839d149c6a945c98ff1fddd4a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D1B5118-3443-43EF-A3D2-148DD05A02C7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Lyonnais92 (Security contributor, 25708 posts)

Hello,

Who is your Internet service provider?

What do you have to do with OpenDNS?

How is the computer doing?

Reuyap (Member, 30 posts)

Hello...

My Internet provider is Sympatico from Bell. ADSL.

I have no idea what DNS is... and the computer, hmm, no apparent change :(

Lyonnais92 (Security contributor, 25708 posts)

Hello,

Run HijackThis again.

Choose Do a scan only.

Check the box in front of the following lines:

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Close all windows (except HijackThis), including your browser.

Click Fix checked.

Close HijackThis.

Restart the computer.

Test your Internet functions (e-mail, chat, browser, ...).

If you have a problem, reopen HijackThis, choose View the list of backups, check these three lines again and click Restore.

Tell me what happened.

Scan with Spy Sweeper and post the report.
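
Added example, not part of the original thread: following this exchange means comparing each new HijackThis log with the previous one, so this Python sketch parses the entry lines (`R1`, `O4`, `O17`, ...), reports which entries disappeared or appeared between two scans, and groups the `O17` NameServer values by registry key. The two inputs are short excerpts of the 2007-10-26 and 2007-10-30 logs posted above; the function names are this example's own.

```python
import re

# Excerpts of two HijackThis logs posted in this thread (not the full logs).
SCAN_2007_10_26 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 01:01:20, on 2007-10-26

Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.250.145.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.153 85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

SCAN_2007_10_30 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:42, on 2007-10-30

Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# An entry line is "<letter><number> - <description>", e.g. "O17 - HKLM\...".
# Header lines and the process list ("C:\...") do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"^(.+?): NameServer = (.+)$")


def parse_entries(log_text):
    """Return the log's entries as (code, description) tuples, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_entries(old_log, new_log):
    """Return (removed, added): entries only in the old log, only in the new."""
    old, new = parse_entries(old_log), parse_entries(new_log)
    old_set, new_set = set(old), set(new)
    removed = [entry for entry in old if entry not in new_set]
    added = [entry for entry in new if entry not in old_set]
    return removed, added


def nameserver_groups(log_text):
    """Map each distinct tuple of DNS servers to the O17 keys that use it."""
    groups = {}
    for code, description in parse_entries(log_text):
        if code != "O17":
            continue
        match = NAMESERVER_RE.match(description)
        if not match:
            continue
        # HijackThis prints the registry value as stored: the separator
        # can be a comma or a space, as both logs above show.
        servers = tuple(s for s in re.split(r"[,\s]+", match.group(2)) if s)
        groups.setdefault(servers, []).append(match.group(1))
    return groups


if __name__ == "__main__":
    removed, added = diff_entries(SCAN_2007_10_26, SCAN_2007_10_30)
    for code, description in removed:
        print("gone :", code, "-", description)
    for code, description in added:
        print("new  :", code, "-", description)
    for servers, keys in nameserver_groups(SCAN_2007_10_26).items():
        print("DNS  :", ", ".join(servers), "<-", "; ".join(keys))
```

The comparison is an exact string match, so an entry whose path or value changed shows up once as gone and once as new.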

Reuyap (Member, 30 posts)

I checked the three, fixed and rebooted; the Internet still works fine. The last test I did yesterday with Spy Sweeper told me that the only virus left now is Mal/Heuri-E, I think, still impossible to quarantine.

I'm going to do another sweep after having done the 3 fixes you told me about, but since it takes quite a while I may only post the results tomorrow evening.

Thanks again for your help, fingers crossed. :)

Lyonnais92 (Security contributor, 25708 posts)

Re,

Can you give me the full name of the infected file that Spy Sweeper detects? Thanks.

reuyap

Hello,

The full name that Spy Sweeper detects is only Mal/Heuri-E; I have no other information from Spy Sweeper -_-

Risk : 5 Category : Behavior Action taken : Quarantine Failed.

My new HijackThis: ....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:22, on 2007-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?58abea2839d149c6a945c98ff1fddd4a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?58abea2839d149c6a945c98ff1fddd4a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D1B5118-3443-43EF-A3D2-148DD05A02C7}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Lyonnais92 (Security contributor, 25708 posts)

Hello,

Download AVG Anti-Spyware (free even after the trial period) here:

http://www.grisoft.com/doc/downloads-results/lng/fr/tpl/tpl01?prd=triasw

Save the file in a folder.

When the download finishes, open the folder and double-click avgas-setup-7.5.0.47.exe. Follow the instructions.

If you are asked to restart your computer, do so.

To launch AVG Anti-Spyware, double-click the icon that was created on the desktop.

The first time you use it, configure the software.
On the "Status" page, choose inactive for the resident shield.

On the "Update" page, check the boxes for automatic updates and run a manual update (start update). Restart the computer if necessary.
On the "Scan" page, first choose the "Settings" tab. Check "generate a report after each scan" and "only if threats are found". Also choose the "quarantine" option for "how to react", 'set default action ...'
Choose the Scan tab, new scan, complete system scan.
At the end of the scan, click "action", "apply all actions", then "save report", then "save report as". Follow the instructions in the window that opens.
Then open the report with Notepad to copy/paste it into your reply.

PS It will duplicate SpySweeper. We'll uninstall it at the end of the treatment. I'm simply trying to get the location of the infected file (and possibly a more precise name for the malware).

Reuyap (Member, 30 posts)

Hello,
I ran a scan with AVG Anti-Spyware. I had checked the option for it to give me a report but it didn't, for some reason I don't know, so I ran another scan. All it had detected at first were medium-alert spyware; I cleaned up, but no virus.

I ran the scan again but this time no more spyware; the report only tells me this:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:27:51 2007-11-06

+ Résultat de l'analyse:

Rien à signaler.

Fin du rapport

That doesn't give much... so I'm giving you a HijackThis report again, and I'm going to run another Spy Sweeper scan, since... I still have this extremely slow scrolling that lags with everything I do on my PC :s

Really sorry for having such a stupid PC... -_-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:56, on 2007-11-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?58abea2839d149c6a945c98ff1fddd4a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?58abea2839d149c6a945c98ff1fddd4a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D1B5118-3443-43EF-A3D2-148DD05A02C7}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Lyonnais92 (Security contributor, 25708 posts)

Hello,

Open this link:

http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire

Carry out the cleanup operations it suggests.

Any improvement?

If not, tell me what you did.

Reuyap (Member, 30 posts)

Hello, hmm, I was already applying quite a lot of what they recommend in this tutorial. In the meantime I ran another Spy Sweeper scan, still this Mal/Heuri even though AVG didn't detect it...... =(

- I still did a few things like... setting the Recycle Bin to 2%...
- getting rid of superfluous files... ( $NtUninstallKB8556$ )
- I also did the "check now" (V)
- VI - Clean the paging file

As for MSConfig... I've been running practically nothing for a long time!! What normally takes the most memory is Firefox, at least these days with 37 284 KB.... and my PC is no better :(

Reuyap (Member, 30 posts)

Sorry, I forgot to post a new HijackThis report with my last message...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:34, on 2007-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.microsoft.com%2fisapi%2fredir.dll%3fprd%3d{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?58abea2839d149c6a945c98ff1fddd4a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?58abea2839d149c6a945c98ff1fddd4a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D1B5118-3443-43EF-A3D2-148DD05A02C7}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

Run Spy Sweeper again.

At the end of the scan, click "Récapitulatif" (Summary);

In the Summary < https://www.malekal.com/fichiers/spywares/SpySweeper10.png >, choose "Afficher le journal de session" (View session log) at the bottom of the window, then click "Enregistrer dans .." (Save to ..) to write a file, which you will put on the desktop under the name SpySweeper.txt, in order to save the report to post (after restarting if need be, if the PC was in safe mode).

Post this report in your reply.
0
Reuyap Posts 30 Status Member 1
 
I'm sending it in two parts because it looks like the full log won't fit in just one :S

09:51: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
08:50: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
07:50: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
06:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
05:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
04:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
03:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:41: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
02:51: Informational: Virus infected file c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe not cleaned.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 20 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 19 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 18 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 17 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 16 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 15 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 14 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 13 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 12 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 11 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 10 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 9 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 8 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 7 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 6 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 5 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 4 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 3 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 2 rounds of disinfection.
02:51: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 1 round of disinfection.
02:51: Quarantining All Traces: Mal/Heuri-E
02:50: Traces Found: 1
02:50: Full Sweep has completed. Elapsed time 02:22:55
02:50: File Sweep Complete, Elapsed Time: 02:18:07
02:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Espace insuffisant pour traiter cette commande
02:45: Warning: Unable to sweep compressed file: System Error. Code: 8.
02:40: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
02:40: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
02:40: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
02:40: Warning: Failed to read file "c:\documents and settings\patrick payeur\local settings\temp\~df4f5c.tmp". "c:\documents and settings\patrick payeur\local settings\temp\~df4f5c.tmp": File not found
02:38: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse4b67d58-6386-4a6c-9065-c7da907d85cf.tmp]
02:38: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb1bbdac7-7407-475c-94a3-823214c7a475.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms49761917-a16e-4fde-b1fe-246b69a9b54e.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1f88b235-2243-4364-85c7-f76cce872ad5.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscf9cd2bc-784f-4012-8c73-c6be47204c45.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms77a86db1-76ae-4ef6-8aff-6701e6e59096.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms60a8491b-616c-4d2c-9829-2656961aa890.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmseb3bedf9-e966-4e80-b3e1-c88e457f80ab.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5d0ec4a2-6b0d-48e8-a82e-a4db00012854.tmp]
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7b4efb03-215b-44a7-ac8f-c7ee21542fe9.tmp]
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms49761917-a16e-4fde-b1fe-246b69a9b54e.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1f88b235-2243-4364-85c7-f76cce872ad5.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscf9cd2bc-784f-4012-8c73-c6be47204c45.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms77a86db1-76ae-4ef6-8aff-6701e6e59096.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms60a8491b-616c-4d2c-9829-2656961aa890.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmseb3bedf9-e966-4e80-b3e1-c88e457f80ab.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse4b67d58-6386-4a6c-9065-c7da907d85cf.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb1bbdac7-7407-475c-94a3-823214c7a475.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5d0ec4a2-6b0d-48e8-a82e-a4db00012854.tmp". Opération réussie
02:37: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7b4efb03-215b-44a7-ac8f-c7ee21542fe9.tmp". Opération réussie
02:37: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\temp\~df2982.tmp]
02:37: Warning: Failed to open file "c:\documents and settings\patrick payeur\local settings\temp\~df2982.tmp". Opération réussie
02:37: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\patrick payeur\application data\mozilla\firefox\profiles\cl52sh5l.patrick\parent.lock]
02:37: Warning: Failed to open file "c:\documents and settings\patrick payeur\application data\mozilla\firefox\profiles\cl52sh5l.patrick\parent.lock". Opération réussie
02:31: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\config\software]
02:24: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\patrick payeur\ntuser.dat]
02:19: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\config\system]
02:19: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\config\default]
02:19: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
02:18: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
02:17: Warning: AntiVirus engine for IFO returned [Scan Aborted Due To Excessive Resource Usage. The Scanned File Could Be A ZipBomb.] on [c:\documents and settings\patrick payeur\bureau\jeux\msgplus.exe]
02:14: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\winnt\system32\config\security]
02:14: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\winnt\system32\config\sam]
02:10: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\05a0e75cd01]
02:06: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\steam\steamapps\reuyap@hotmail.com\counter-strike source\cstrike\cache\de_winter_dust2_full.bsp.bz20000]
02:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]
02:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb379cd1a-e3ed-4f9d-b72b-e0e634594720.tmp]
02:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms36509d70-4725-4e96-b641-7d0e87d3f53a.tmp]
02:04: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms08d45344-d486-4a41-a359-d82c342919bf.tmp]
02:02: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms97fb2cf2-1c8e-41f5-af77-f5974b0e4ae9.tmp]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1407_img.jpg]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1404_img.jpg]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1393_img.jpg]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1391_img.jpg]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1390_img.jpg]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1386_img.jpg]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1366_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1365_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1410_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1409_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\recycler\nprotect\114-1408_mvi.avi]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1400_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1397_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1396_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1395_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1394_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1392_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1388_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\recycler\nprotect\113-1389_mvi.avi]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1387_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1385_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1384_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1383_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1382_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1381_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1380_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1379_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1378_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1377_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1376_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1375_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1374_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1373_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1372_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1371_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1370_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1369_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1368_img.jpg]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1367_img.jpg]
02:00: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms34b166cb-2a9b-45ef-8a3b-6c0dca7451e3.tmp]
02:00: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\311c5a5bd01]
01:58: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd3ccd56c-eb68-4127-a70e-3468d269775c.tmp]
01:58: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd028287a-3652-4433-9f84-850130d6e7dd.tmp]
01:58: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6db3c7e1-3b8b-4a7f-bede-ce6b48ef14ef.tmp]
01:55: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms89c5c7d6-e31b-4e92-b769-a7436bc0934c.tmp]
01:55: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1405_img.jpg]
01:53: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\39ad15bcd01]
01:52: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\drivers\fidbox.dat]
01:49: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\91840535d01]
01:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\3f2e557cd01]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\2e9b0f17d01]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\555a0581d01]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\57b7bb23d01]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\266d15bad01]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\1bbb77b5d01]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\brif=gitte et claudia.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\brigitte et claudia.psf]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1515_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1514_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1513_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1512_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1511_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1510_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1509_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1508_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1507_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1506_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1505_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1504_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1503_mvi.avi]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1502_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1500_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1501_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1499_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1498_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1497_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1496_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1495_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1494_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1493_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1492_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1491_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1490_img.jpg]
01:45: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f3af37d9d01]
01:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\recycler\nprotect\02372553.cfg]
01:44: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\jean-marie payeur\sauvegarde03-03-03\exe\winzip80sh.exe]
01:42: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\950c389dd01]
01:42: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\5c5d4fb6d01]
01:42: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f33d37d9d01]
01:42: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f2ba37d9d01]
01:42: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\dc5d4c3fd01]
01:41: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f1bd37d9d01]
01:40: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f5c137d9d01]
01:40: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\87144216d01]
01:40: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f63937d9d01]
01:40: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f63f37d9d01]
01:40: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\1c43d875d01]
01:39: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\fb2d37d9d01]
01:39: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\6a56fa28d01]
01:39: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\steam\steamapps\reuyap@hotmail.com\counter-strike source\cstrike\cache\de_alivemetal.bsp.bz20000]
01:39: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\jean-marie payeur\sauvegarde03-03-03\mes documents\page andré.doc]
01:39: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\all users\documents\sauvegarde03-03-03\mes documents\page andré.doc]
01:35: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3824e1c9-efa4-4164-8ace-3ce382a5c0a0.tmp]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\03a8ed2cd01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\d4edd35ad01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\03aaed2cd01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\3ea213a4d01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\03afed2cd01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\2e9a0f27d01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\f41542b0d01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\02bded2cd01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\15c9ed2cd01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\9b25865ad01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\0d48ed2cd01]
01:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\ee286f5cd01]
01:31: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\0c42ed2cd01]
01:31: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\patrick payeur\local settings\application data\mozilla\firefox\profiles\cl52sh5l.patrick\cache\1ea55492d01]
01:22: ApplicationMinimized - EXIT
01:22: ApplicationMinimized - ENTER
01:19: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\winnt\system32\config\default.log]
01:18: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\thumbs.db]
01:16: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms48a86227-b23a-4d1f-8bf1-0150cb395582.tmp]
01:14: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\documents\sauvegarde03-03-03\exe\winzip80sh.exe]
Trace marked as Always Remove
01:08: C:\Documents and Settings\Josée Payeur\Local Settings\Temporary Internet Files\Content.IE5\QFD9DA1Q\ufixer_QgaHo26bYG[1].exe (ID = 0)
01:08: Threat marked as Always Remove
01:08: Found Mal/Heuri-E: Mal/Heuri-E
01:07: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\julie payeur\local settings\temporary internet files\content.ie5\2vuhyfc3\hotmail___1025000104[1].js]
00:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
00:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\thumbs.db]
00:36: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]
00:32: Starting File Sweep
00:32: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
00:32: Cookie Sweep Complete, Elapsed Time: 00:00:09
00:32: Starting Cookie Sweep
00:32: Registry Sweep Complete, Elapsed Time:00:00:28
00:31: Starting Registry Sweep
00:31: Memory Sweep Complete, Elapsed Time: 00:03:32
00:28: Starting Memory Sweep
00:28: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume G:
00:28: ApplicationMinimized - EXIT
00:28: ApplicationMinimized - ENTER
00:28: Start Full Sweep
00:28: Sweep initiated using definitions version 1026
00:25: ApplicationMinimized - EXIT
00:25: ApplicationMinimized - ENTER
00:12: ApplicationMinimized - EXIT
00:12: ApplicationMinimized - ENTER
23:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
22:48: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
21:48: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
20:48: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
19:47: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
18:47: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
17:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
16:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
15:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
14:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
13:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
12:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
11:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
10:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
09:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
08:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
07:45: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
06:45: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
05:45: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
04:44: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
03:44: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
03:40: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Reuyap Messages posted 30 Status Member 1
 
(continued...)

04:29: Tamper Detection
02:40: Informational: Virus infected file c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe not cleaned.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 20 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 19 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 18 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 17 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 16 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 15 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 14 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 13 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 12 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 11 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 10 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 9 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 8 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 7 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 6 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 5 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 4 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 3 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 2 rounds of disinfection.
02:40: Informational: File c:\documents and settings\josée payeur\local settings\temporary internet files\content.ie5\qfd9da1q\ufixer_qgaho26byg[1].exe still infected with virus Mal/Heuri-E after 1 round of disinfection.
02:40: Quarantining All Traces: Mal/Heuri-E
02:39: Traces Found: 1
02:39: Full Sweep has completed. Elapsed time 02:19:19
02:39: File Sweep Complete, Elapsed Time: 02:15:16
Espace insuffisant pour traiter cette commande
02:33: Warning: Unable to sweep compressed file: System Error. Code: 8.
02:27: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
02:27: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
02:27: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbe8cd3f1-7eef-4bcf-880b-632945a3f745.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5712a5db-00a0-48aa-ae5e-007c021c9243.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms63355d5d-d38e-413e-9e2f-19ab2cab0cab.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms039bd425-307c-44a3-9788-47f810057e4b.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse3636f56-4992-47a8-8196-f689d892dfa8.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaf01047f-b331-4e43-bdda-dfeb5fb4a058.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6450fd6c-5c41-4a22-96f6-600ce18d1236.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms12d58165-40cf-4e90-9422-2721ed3dd227.tmp]
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5712a5db-00a0-48aa-ae5e-007c021c9243.tmp". Opération réussie
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms06fad38a-f2c7-46de-854f-5a9757a0c405.tmp]
02:26: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms143dd0a7-049c-43d1-9ca2-725c8fa10e6c.tmp]
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms63355d5d-d38e-413e-9e2f-19ab2cab0cab.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms039bd425-307c-44a3-9788-47f810057e4b.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse3636f56-4992-47a8-8196-f689d892dfa8.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbe8cd3f1-7eef-4bcf-880b-632945a3f745.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaf01047f-b331-4e43-bdda-dfeb5fb4a058.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6450fd6c-5c41-4a22-96f6-600ce18d1236.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms12d58165-40cf-4e90-9422-2721ed3dd227.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms06fad38a-f2c7-46de-854f-5a9757a0c405.tmp". Opération réussie
02:26: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms143dd0a7-049c-43d1-9ca2-725c8fa10e6c.tmp". Opération réussie
02:19: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\config\software]
02:11: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\patrick payeur\ntuser.dat]
02:09: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8359ea87-f28c-4fce-9de7-96a71e84ecbb.tmp]
02:06: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\config\system]
02:06: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\config\default]
02:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
02:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
02:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\softwaredistribution\datastore\datastore.edb]
02:04: Warning: AntiVirus engine for IFO returned [Scan Aborted Due To Excessive Resource Usage. The Scanned File Could Be A ZipBomb.] on [c:\documents and settings\patrick payeur\bureau\jeux\msgplus.exe]
02:02: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\winnt\system32\config\security]
02:01: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\winnt\system32\config\sam]
01:53: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\steam\steamapps\reuyap@hotmail.com\counter-strike source\cstrike\cache\de_winter_dust2_full.bsp.bz20000]
01:53: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9fe491d2-682d-410f-921a-efac74c0d247.tmp]
01:51: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]
01:51: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsee2d83d9-d3c5-48c2-96e4-d47da507d383.tmp]
01:48: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc18b3942-0d25-4960-9e67-a183a619eadb.tmp]
01:48: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9d15ce95-e8db-4116-9fbe-f7b14826e53e.tmp]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1407_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1404_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1393_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1391_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1390_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1386_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1366_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1365_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1410_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1409_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\recycler\nprotect\114-1408_mvi.avi]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1397_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1400_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1396_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1395_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1394_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1392_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1388_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\recycler\nprotect\113-1389_mvi.avi]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1387_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1385_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1384_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1383_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1382_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1381_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1380_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1379_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1378_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1377_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1376_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1375_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1374_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1373_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1372_img.jpg]
01:48: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1371_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1370_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1369_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1368_img.jpg]
01:47: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\113-1367_img.jpg]
01:46: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms982d4684-ed4d-4498-a165-d5c99b227ff1.tmp]
01:46: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4755be5c-0178-480a-8bb1-731e5a4fa712.tmp]
01:46: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbcee1c87-0c5a-43d7-b960-ecca3a5ca243.tmp]
01:42: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1405_img.jpg]
01:39: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsafb4da1e-e7e3-4d4f-ad16-ea9b79279c98.tmp]
01:39: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\winnt\system32\drivers\fidbox.dat]
01:39: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms39d3a2db-d71a-4f87-b995-93e6f3b902a6.tmp]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\brif=gitte et claudia.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\brigitte et claudia.psf]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1515_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1514_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1513_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1512_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1511_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1510_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1509_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1508_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1507_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1506_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1505_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1504_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1503_mvi.avi]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1502_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\115-1501_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1500_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1499_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1498_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1497_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1496_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1495_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1494_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1493_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1492_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1491_img.jpg]
01:33: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\114-1490_img.jpg]
01:31: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\recycler\nprotect\02372553.cfg]
01:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\jean-marie payeur\sauvegarde03-03-03\exe\winzip80sh.exe]
01:25: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\steam\steamapps\reuyap@hotmail.com\counter-strike source\cstrike\cache\de_alivemetal.bsp.bz20000]
01:25: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\jean-marie payeur\sauvegarde03-03-03\mes documents\page andré.doc]
01:25: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\all users\documents\sauvegarde03-03-03\mes documents\page andré.doc]
01:08: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\thumbs.db]
01:04: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\documents\sauvegarde03-03-03\exe\winzip80sh.exe]
Trace marked as Always Remove
00:58: C:\Documents and Settings\Josée Payeur\Local Settings\Temporary Internet Files\Content.IE5\QFD9DA1Q\ufixer_QgaHo26bYG[1].exe (ID = 0)
00:58: Threat marked as Always Remove
00:58: Found Mal/Heuri-E: Mal/Heuri-E
00:58: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\julie payeur\local settings\temporary internet files\content.ie5\2vuhyfc3\hotmail___1025000104[1].js]
00:57: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsede8ae82-1c51-4395-9d68-da277c6ce479.tmp]
00:35: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\recycler\nprotect\thumbs.db]
00:27: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]
00:24: Starting File Sweep
00:24: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
00:24: Cookie Sweep Complete, Elapsed Time: 00:00:10
00:23: Starting Cookie Sweep
00:23: Registry Sweep Complete, Elapsed Time:00:00:24
00:23: Starting Registry Sweep
00:23: Memory Sweep Complete, Elapsed Time: 00:02:59
00:20: Starting Memory Sweep
00:20: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume G:
00:20: Start Full Sweep
00:20: Sweep initiated using definitions version 1016
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\Driver
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
00:20: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\Driver
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
00:20: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\Driver
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
00:20: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\Driver
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
00:20: Tamper Detection
Keylogger: Off
E-mail Attachment: On
23:19: Informational: ShieldEmail: Start monitoring port 25 for mail activities
23:19: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
23:19: Shield States
23:19: License Check Status (0): Success
23:19: Spyware Definitions: 1016
23:19: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 2007/10/23 22:55:36 (GMT)
23:17: Spy Sweeper 5.5.7.48 started
23:17: Spy Sweeper 5.5.7.48 started
23:17: | Start of Session, 1 novembre 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINNT\system32\csrss.exe
10:34: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet002\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINNT\SYSTEM32\SERVICES.EXE
04:06: Tamper Detection
01:57: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:57: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:57: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:57: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:57: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:56: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:56: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:56: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
01:55: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
Keylogger: Off
E-mail Attachment: On
00:48: Informational: ShieldEmail: Start monitoring port 25 for mail activities
00:48: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
00:48: Shield States
00:47: Spyware Definitions: 1016
00:47: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 2007-10-23 22:55:36 (GMT)
00:46: Spy Sweeper 5.5.7.48 started
00:46: Spy Sweeper 5.5.7.48 started
00:46: | Start of Session, 29 octobre 2007 |
***************
10:47: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:47: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:46: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:46: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:46: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:46: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:46: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:45: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:45: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:45: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:44: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
10:44: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\PATRICK PAYEUR\BUREAU\JEUX\HUD\RAN\AXY\THUMBS.DB]
Keylogger: Off
E-mail Attachment: On
10:41: Informational: ShieldEmail: Start monitoring port 25 for mail activities
10:41: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:40: Shield States
10:40: License Check Status (0): Success
10:40: Spyware Definitions: 1016
10:40: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 2007-10-23 22:55:36 (GMT)
10:38: Spy Sweeper 5.5.7.48 started
10:38: Spy Sweeper 5.5.7.48 started
10:38: | Start of Session, 29 octobre 2007 |
***************
Keylogger: Off
08:32: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
08:32: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
08:32: IE Hijack Shield: Resetting IE advanced data value.
08:32: IE Hijack Shield: Resetting IE advanced data value.
IE Tracking Cookies Shield: Off
08:32: Shield States
08:32: Spyware Definitions: 1016
08:32: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 2007-10-23 22:55:36 (GMT)
08:30: Spy Sweeper 5.5.7.48 started
08:30: Spy Sweeper 5.5.7.48 started
08:30: | Start of Session, 28 octobre 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINNT\system32\csrss.exe
20:54: Tamper Detection
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINNT\system32\csrss.exe
20:54: Tamper Detection
Keylogger: Off
E-mail Attachment: On
18:04: Informational: ShieldEmail: Start monitoring port 25 for mail activities
18:04: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
18:04: IE Hijack Shield: Resetting IE advanced data value.
18:04: IE Hijack Shield: Resetting Home Page value.
IE Tracking Cookies Shield: Off
18:04: Shield States
18:04: License Check Status (0): Success
18:04: Spyware Definitions: 1016
18:04: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 2007-10-23 22:55:36 (GMT)
18:03: Spy Sweeper 5.5.7.48 started
18:03: Spy Sweeper 5.5.7.48 started
18:03: | Start of Session, 28 octobre 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINNT\system32\csrss.exe
12:19: Tamper Detection
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINNT\system32\csrss.exe
12:19: Tamper Detection
12:18: ApplicationMinimized - EXIT
12:18: ApplicationMinimized - ENTER
12:18: Startup Shield: Entry Allowed: ZoneAlarm Client
11:50: ApplicationMinimized - EXIT
11:50: ApplicationMinimized - ENTER
Keylogger: Off
11:50: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
11:50: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:50: Shield States
11:50: License Check Status (0): Success
11:50: Spyware Definitions: 1016
11:50: Informational: Loaded AntiVirus Engine: 2.50.6; SDK Version: 4.22E; Virus Definitions: 2007-10-23 22:55:36 (GMT)
11:48: Spy Sweeper 5.5.7.48 started
11:48: Spy Sweeper 5.5.7.48 started
11:48: | Start of Session, 27 octobre 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINNT\system32\csrss.exe
16:10: Tamper Detection
16:03: ApplicationMinimized - EXIT
16:03: ApplicationMinimized - ENTER
16:03: Startup Shield: Entry Allowed: avgnt
15:57: ApplicationMinimized - EXIT
15:57: ApplicationMinimized - ENTER
15:48: ApplicationMinimized - EXIT
15:48: ApplicationMinimized - ENTER
15:44: ApplicationMinimized - EXIT
15:43: ApplicationMinimized - ENTER
15:41: ApplicationMinimized - EXIT
15:41: ApplicationMinimized - ENTER
14:34: Quarantining All Traces: Troj/Busky-Gen
14:34: Informational: Virus infected file c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll not cleaned.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 20 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 19 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 18 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 17 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 16 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 15 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 14 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 13 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 12 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local settings\application data\jgfihob.dll still infected with virus Mal/Obfus-A after 11 rounds of disinfection.
14:34: Informational: File c:\documents and settings\patrick payeur\local s
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Good evening,

1) Empty your Recycle Bin.

2) *CCleaner (free)
Download:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

During installation, [uncheck] the option that would install the Yahoo! toolbar.

¤ Launch CCleaner.

Removing temporary files

Go to the "Options" section in the left margin. Uncheck Advanced. Then go back to the "Cleaner" section.
Make sure to check all of these boxes in the left margin (Internet Explorer/Windows Explorer/System)
• Click Analyze
• Wait for the scan to finish; it can take a while the first time.
• Once the scan is finished, click Run Cleaner

Removing registry inconsistencies

• Click the Issues icon in the left margin.
• Then click Scan for Issues
• Wait while CCleaner scans your registry.
• Once the scan is finished, check all the entries it found.
• You can then click Fix selected issues.

If you are not sure what you are doing, you can choose to back up the checked entries so you can restore them later.

3) Empty the Spy Sweeper quarantine and the log history.

4) Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

2 Double-click combofix.exe and follow the instructions

3 When it finishes, it will produce a report, C:\ComboFix.txt

4 Copy/paste that report into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
0
Reuyap Posts 30 Status Member 1
 
Hello, here is my ComboFix log. I want to point out that AntiVir "popped up" on me several times during the ComboFix scan, and I kept getting a message about a trojan, TR/inject.JT. I quarantined it maybe 50 times, but oh well....
Here is the report:

ComboFix 07-11-08.1 - Patrick Payeur 2007-11-11 22:16:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.381 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick Payeur\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Josée Payeur\Application Data\microsoft\internet explorer\quick launch\Start UltimateFixer 2007.lnk
C:\Documents and Settings\Josée Payeur\Application Data\Ultimate Fixer
C:\Documents and Settings\Josée Payeur\Application Data\Ultimate Fixer\settings.dat
C:\Documents and Settings\Josée Payeur\Bureau\internet.lnk
C:\Documents and Settings\Josée Payeur\Menu Démarrer\Programmes\Démarrage\.protected
C:\Documents and Settings\Julie Payeur\Bureau\internet.lnk
C:\Program Files\autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
C:\WINNT\Fonts\acrsecI.fon

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-11 22:14 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-28 11:36 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2007-10-28 11:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2007-10-27 15:02 <REP> d-------- C:\Program Files\Avira
2007-10-27 15:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-27 10:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 10:59 75,248 --a------ C:\WINNT\zllsputility.exe
2007-10-27 10:59 54,672 --a------ C:\WINNT\system32\vsutil_loc040c.dll
2007-10-27 10:59 42,384 --a------ C:\WINNT\zllsputility_loc040c.dll
2007-10-27 10:59 21,904 --a------ C:\WINNT\system32\imsinstall_loc040c.dll
2007-10-27 10:59 17,808 --a------ C:\WINNT\system32\imslsp_install_loc040c.dll
2007-10-27 10:59 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-10-27 10:59 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-10-27 10:57 17,350,688 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-10-27 10:57 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
2007-10-27 10:57 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
2007-10-27 10:55 <REP> d-------- C:\WINNT\Internet Logs
2007-10-26 18:22 <REP> d-------- C:\Program Files\Trend Micro
2007-10-25 23:36 <REP> d-------- C:\Program Files\CCleaner
2007-10-22 21:16 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-21 23:35 0 --a------ C:\WINNT\ativpsrm.bin
2007-10-21 16:46 23 --a------ C:\WINNT\popcinfot.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 03:25 204,356 --sha-w C:\WINNT\system32\drivers\fidbox.idx
2007-10-27 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-26 04:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-23 01:58 --------- d-----w C:\Program Files\Steam
2007-10-08 18:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-07 06:43 --------- d-----w C:\Documents and Settings\Patrick Payeur\Application Data\Azureus
2007-10-04 02:14 --------- d-----w C:\Program Files\DivX
2007-09-29 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-29 04:29 --------- d-----w C:\Program Files\THQ
2007-09-29 03:21 9,854,976 ----a-w C:\WINNT\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINNT\system32\ATIDEMGX.dll
2007-09-29 02:47 172,032 ----a-w C:\WINNT\system32\atiok3x2.dll
2007-09-29 01:05 593,920 ------w C:\WINNT\system32\ati2sgag.exe
2007-09-28 17:57 --------- d-----w C:\Program Files\7-Zip
2007-09-27 21:40 --------- d-----w C:\Program Files\Audible
2007-09-25 02:47 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll
2007-09-22 18:41 --------- d-----w C:\Program Files\EA GAMES
2007-09-22 18:37 --------- d-----w C:\Program Files\Lavasoft
2007-09-22 18:37 --------- d-----w C:\Documents and Settings\Patrick Payeur\Application Data\Lavasoft
2007-09-22 16:22 --------- d-----w C:\Program Files\Google
2007-09-21 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-09-19 21:58 --------- d-----w C:\Documents and Settings\Julie Payeur\Application Data\Webroot
2007-09-19 03:24 --------- d-----w C:\Program Files\Webroot
2007-09-19 03:24 --------- d-----w C:\Documents and Settings\Patrick Payeur\Application Data\Webroot
2007-09-19 03:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-09-19 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-09-19 03:23 164 ----a-w C:\install.dat
2007-09-18 22:52 --------- d-----w C:\Documents and Settings\Patrick Payeur\Application Data\GetRightToGo
2007-09-17 04:22 --------- d-----w C:\Program Files\MyEmoticons
2007-09-14 07:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-13 02:15 --------- d-----w C:\Program Files\Spyware Doctor
2007-09-12 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-12 22:49 --------- d-----w C:\Program Files\Windows Live Favorites
2007-09-12 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-12 22:48 --------- d-----w C:\Program Files\MSN Messenger
2007-08-22 13:13 96,768 ------w C:\WINNT\system32\dllcache\inseng.dll
2007-08-22 13:13 663,040 ----a-w C:\WINNT\system32\dllcache\wininet.dll
2007-08-22 13:13 617,472 ----a-w C:\WINNT\system32\dllcache\urlmon.dll
2007-08-22 13:13 55,808 ------w C:\WINNT\system32\dllcache\extmgr.dll
2007-08-22 13:13 532,480 ------w C:\WINNT\system32\dllcache\mstime.dll
2007-08-22 13:13 474,624 ----a-w C:\WINNT\system32\dllcache\shlwapi.dll
2007-08-22 13:13 449,024 ------w C:\WINNT\system32\dllcache\mshtmled.dll
2007-08-22 13:13 39,424 ------w C:\WINNT\system32\dllcache\pngfilt.dll
2007-08-22 13:13 357,888 ------w C:\WINNT\system32\dllcache\dxtmsft.dll
2007-08-22 13:13 3,079,168 ----a-w C:\WINNT\system32\dllcache\mshtml.dll
2007-08-22 13:13 251,392 ------w C:\WINNT\system32\dllcache\iepeers.dll
2007-08-22 13:13 205,312 ----a-w C:\WINNT\system32\dllcache\dxtrans.dll
2007-08-22 13:13 16,384 ------w C:\WINNT\system32\dllcache\jsproxy.dll
2007-08-22 13:13 152,064 ------w C:\WINNT\system32\dllcache\cdfview.dll
2007-08-22 13:13 146,432 ------w C:\WINNT\system32\dllcache\msrating.dll
2007-08-22 13:13 1,495,040 ----a-w C:\WINNT\system32\dllcache\shdocvw.dll
2007-08-22 13:13 1,056,768 ------w C:\WINNT\system32\dllcache\danim.dll
2007-08-22 13:13 1,023,488 ----a-w C:\WINNT\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINNT\system32\dllcache\iedw.exe
2007-08-21 06:17 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINNT\system32\dllcache\inetcomm.dll
2006-07-29 17:07 6,053 ----a-w C:\Program Files\DeIsL1.isu
2006-07-29 17:07 175 ----a-w C:\Program Files\_DEISREG.ISR
2006-06-18 23:29 1 ----a-w C:\Documents and Settings\Patrick Payeur\SI.bin
2004-06-14 20:30 173,585,303 ------w C:\Documents and Settings\GameSpot DLX Secure Delivery\fear_pt1_0609_qt.zip
2004-06-02 02:24 435,561,362 ------w C:\Documents and Settings\GameSpot DLX Secure Delivery\SinglesSetup.exe
2004-04-21 00:36 44 ----a-w C:\Documents and Settings\Julie Payeur\ub.dat
2004-02-05 01:07 183,281,152 ------w C:\Documents and Settings\GameSpot DLX Secure Delivery\vietcong_fistalpha_mpdemo.exe
2003-11-13 16:05 0 ----a-w C:\Documents and Settings\Monique Lyonnais\ub.dat
2003-11-13 16:05 0 ----a-w C:\Documents and Settings\Monique Lyonnais\ad.dat
2003-10-09 16:54 40 ----a-w C:\Documents and Settings\Jean-Marie Payeur\ub.dat
2003-08-18 11:26 0 ----a-w C:\Documents and Settings\Jean-Marie Payeur\ad.dat
2003-06-25 19:24 0 ----a-w C:\Documents and Settings\Julie Payeur\ad.dat
2002-11-21 21:04 412,158,646 ----a-w C:\Program Files\Data1.cab
2002-11-21 21:04 1,138 ----a-w C:\Program Files\Setup.ini
2002-11-21 21:00 212,992 ------w C:\Program Files\setup.exe
2002-05-02 20:11 4,107 ----a-w C:\Program Files\0x0409.ini
2002-03-11 15:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 14:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
2001-06-21 14:06 26,065,872 ----a-w C:\Program Files\dx80a.exe
1999-04-08 15:18 49,152 ----a-w C:\Program Files\_ISREG32.DLL
2005-11-19 06:49:22 56 --sh--r C:\WINNT\system32\F6A35D9950.sys
2006-12-03 01:54:59 3,350 --sha-w C:\WINNT\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 18:09]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 15:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 21:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^.protected]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected
backup=C:\WINNT\pss\.protectedCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie Payeur^Menu Démarrer^Programmes^Démarrage^.protected]
path=C:\Documents and Settings\Julie Payeur\Menu Démarrer\Programmes\Démarrage\.protected
backup=C:\WINNT\pss\.protectedStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Patrick Payeur^Menu Démarrer^Programmes^Démarrage^.protected]
path=C:\Documents and Settings\Patrick Payeur\Menu Démarrer\Programmes\Démarrage\.protected
backup=C:\WINNT\pss\.protectedStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 each]
C:\DOCUME~1\PATRIC~1\APPLIC~1\GRAMSIZE\START DEAF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Fichiers communs\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINNT\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dest068]
slamm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbgo.exe]
C:\WINNT\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmuad.exe]
C:\WINNT\system32\dmuad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Elite Antikeylogger]
C:\Program Files\Widestep Software\Elite Antikeylogger\wseakadm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Generic Host Process]
C:\WINNT\system32\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\greatjugsdashtick]
C:\Documents and Settings\All Users\Application Data\Upload knob great jugs\Regs Barb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi]
C:\WINNT\GWMDMpi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IELoader32]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jgfihob.dll]
C:\WINNT\system32\rundll32.exe "C:\Documents and Settings\Patrick Payeur\Local Settings\Application Data\jgfihob.dll",wlmwiff

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINNT\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINNT\system32\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms-its]
34763.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newbreed]
br0ken.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
PROMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]
C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINNT\system32\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scr Sect Third Style]
C:\Documents and Settings\All Users\Application Data\Boob Barb Scr Sect\Army Second.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:1]
C:\Program Files\Tukati\Redistributor\1\TukatiRedistributor.exe -r:1 -x:1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLogon]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\___]
StartCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"UserAccess7"=2 (0x2)
"SymWSC"=2 (0x2)
"SENS"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PictureTaker"=3 (0x3)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Elite Antikeylogger monitoring service"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINNT\system32\Drivers\SSFS0BB8.SYS
R1 ISODrive;ISO CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R1 sdcplh;sdcplh;C:\WINNT\system32\drivers\sdcplh.sys
R1 wseak;wseak;C:\WINNT\system32\drivers\wseak.sys
R2 PfDetNT;PfDetNT;\??\C:\WINNT\System32\drivers\PfModNT.sys
R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys
S1 lusbaudio;Logitech USB Microphone;C:\WINNT\system32\drivers\lvsound2.sys
S3 c87e2886-cc28-4afb-9adb-cbab7b04b687;c87e2886-cc28-4afb-9adb-cbab7b04b687;\??\D:\Player\cds300.dll
S3 EnumHook2;Enumerate Global Windows Service 2;\??\C:\WINNT\system32\drivers\dHook.sys
S3 jgameenp;jgameenp;\??\C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\jgameenp.sys
S3 Jukebox3_1394;Jukebox3_1394;C:\WINNT\system32\DRIVERS\ctpd1394.sys
S3 LVBulk;LVBulk Service;C:\WINNT\system32\DRIVERS\LVBulk.sys
S3 LVVI500A;LVVI500A Service;C:\WINNT\system32\DRIVERS\lvvi500a.sys
S3 PCDRDRV;Pcdr Helper Driver;\??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\sony_ssm.sys
S4 Elite Antikeylogger monitoring service;Elite Antikeylogger monitoring service;C:\Program Files\Widestep Software\Elite Antikeylogger\wseaksrv.exe /service

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9816d3a2-2409-11db-9e08-0007e9a794f5}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AB2C5016-E01F-B10D-DD30-A7DF16EC09AA}]
C:\WINNT\svchost.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-07 18:15:03 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-11 07:00:17 C:\WINNT\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-06 23:00:00 C:\WINNT\Tasks\Pareto UNS.job"
- C:\Program Files\Fichiers communs\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2007-11-12 02:30:13 C:\WINNT\Tasks\Symantec NetDetect.job"
"2007-11-12 02:39:02 C:\WINNT\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 22:31:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 22:34:33 - machine was rebooted
.
--- E O F ---
Lyonnais92 Posts 25708 Status Security contributor 1 537

Good evening,

Post a new HijackThis log.