Clean32
Resolved/Closed
sousoua - 28 Oct 2007 at 10:11
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 - 20 Nov 2007 at 16:57
196 replies
afideg
Posts: 10517
Registration date: Monday 10 October 2005
Status: Security contributor
Last activity: 12 April 2022
602
7 Nov 2007 at 16:03
(continued)
Quote: "(it is a "view session log" link at the bottom left of the window in the "Option" panel)"
More precisely:
- In Summary (Récapitulatif) < https://www.malekal.com/fichiers/spywares/SpySweeper10.png >, choose "View session log" (Afficher le journal de session) at the bottom of the window, then click "Save to .." (Enregistrer dans ..) a file that you will put on the desktop under the name SpySweeper.txt, in order to save the report to post (after the restart, if need be, if the PC was in safe mode).
Al.
Good evening,
here is the report
14:13: Sweep Status: 7 Items Detected
14:13: Traces Found: 13
14:13: File Sweep Complete, Elapsed Time: 00:06:11
14:13: Sweep Canceled
14:07: Starting File Sweep
14:06: Cookie Sweep Complete, Elapsed Time: 00:00:00
14:06: c:\documents and settings\propriétaire\cookies\propriétaire@xiti[1].txt (ID = 3717)
14:06: Found Spy Cookie: xiti cookie
14:06: c:\documents and settings\propriétaire\cookies\propriétaire@servlet[2].txt (ID = 3345)
14:06: Found Spy Cookie: servlet cookie
14:06: Starting Cookie Sweep
14:06: Registry Sweep Complete, Elapsed Time:00:00:39
14:06: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
14:06: HKU\S-1-5-21-3308722516-71594873-1131426265-1003\software\kgcs\ (ID = 657208)
14:06: Found Adware: purhardcore dialer
14:06: HKU\S-1-5-21-3308722516-71594873-1131426265-1003\software\visio ras script\ (ID = 125646)
14:06: Found Adware: edipol alloticket dialer
14:05: HKCR\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}\ (ID = 128850)
14:05: HKLM\software\classes\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}\ (ID = 128782)
14:05: HKLM\software\classes\interface\{20270406-63ad-4c7e-ae8d-bb632e508ace}\ (ID = 128772)
14:05: HKLM\software\classes\interface\{1773b696-b019-4fc1-9eed-b1c7f925f56a}\ (ID = 128770)
14:05: HKCR\interface\{20270406-63ad-4c7e-ae8d-bb632e508ace}\ (ID = 128717)
14:05: HKCR\interface\{1773b696-b019-4fc1-9eed-b1c7f925f56a}\ (ID = 128715)
14:05: Found Adware: instant access
14:05: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/iegator.dll\ (ID = 126766)
14:05: Found Adware: gain - common components
14:05: HKCR\interface\{d24a1963-9951-4153-a340-6648759eb77d}\ (ID = 125113)
14:05: HKCR\interface\{3cd945a2-e413-4956-b9d8-a67fb6a7cb66}\ (ID = 125110)
14:05: Found Adware: ie access
14:05: Starting Registry Sweep
14:05: Memory Sweep Complete, Elapsed Time: 00:05:40
14:05: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
13:59: Starting Memory Sweep
13:59: Start Quick Sweep
13:59: Sweep initiated using definitions version 906
13:57: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
13:57: None
13:57: Traces Found: 0
13:57: Memory Sweep Complete, Elapsed Time: 00:00:06
13:57: Sweep Canceled
13:57: Starting Memory Sweep
13:57: Start Quick Sweep
13:57: Sweep initiated using definitions version 906
13:56: None
13:56: Traces Found: 0
13:56: Memory Sweep Complete, Elapsed Time: 00:00:38
13:56: Sweep Canceled
13:56: Starting Memory Sweep
13:56: Start Quick Sweep
13:56: Sweep initiated using definitions version 906
13:54: None
13:54: Traces Found: 0
13:54: Context File Sweep has completed. Elapsed time 00:00:07
13:54: File Sweep Complete, Elapsed Time: 00:00:05
13:54: Starting File Sweep
13:54: Start Context File Sweep
13:54: Sweep initiated using definitions version 906
12:10: ApplicationMinimized - EXIT
12:10: ApplicationMinimized - ENTER
12:07: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
12:07: ApplicationMinimized - EXIT
12:07: ApplicationMinimized - ENTER
12:05: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
Keylogger: Off
E-mail Attachment: On
12:05: Informational: ShieldEmail: Start monitoring port 25 for mail activities
12:05: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
12:05: IE Hijack Shield: Resetting IE advanced data value.
IE Tracking Cookies Shield: Off
12:05: Shield States
12:05: Spyware Definitions: 906
12:03: Spy Sweeper 5.5.7.48 started
12:03: Spy Sweeper 5.5.7.48 started
12:03: | Start of Session, mercredi 7 novembre 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINDOWS\SYSTEM32\csrss.exe
04:58: Tamper Detection
04:51: Informational: ShieldEmail: Start monitoring port 25 for mail activities
Keylogger: Off
04:51: Informational: ShieldEmail: Start monitoring port 110 for mail activities
E-mail Attachment: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
04:51: Shield States
04:51: License Check Status (0): Success
04:51: Spyware Definitions: 906
04:48: Spy Sweeper 5.5.7.48 started
04:48: Spy Sweeper 5.5.7.48 started
04:48: | Start of Session, mercredi 7 novembre 2007 |
***************
08:35: Informational: ShieldEmail: Start monitoring port 25 for mail activities
Keylogger: Off
08:34: Informational: ShieldEmail: Start monitoring port 110 for mail activities
E-mail Attachment: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
08:34: Shield States
08:34: Spyware Definitions: 906
08:32: Spy Sweeper 5.5.7.48 started
08:32: Spy Sweeper 5.5.7.48 started
08:32: | Start of Session, mercredi 7 novembre 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINDOWS\SYSTEM32\csrss.exe
11:57: Tamper Detection
11:31: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
10:55: Informational: ShieldEmail: Start monitoring port 25 for mail activities
Keylogger: Off
10:55: Informational: ShieldEmail: Start monitoring port 110 for mail activities
E-mail Attachment: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
10:55: IE Hijack Shield: Resetting IE advanced data value.
IE Tracking Cookies Shield: Off
10:55: Shield States
10:55: Spyware Definitions: 906
10:53: Spy Sweeper 5.5.7.48 started
10:53: Spy Sweeper 5.5.7.48 started
10:53: | Start of Session, mercredi 7 novembre 2007 |
***************
14:36: ApplicationMinimized - EXIT
14:36: ApplicationMinimized - ENTER
14:29: License Check Status (0): Success
13:58: License Check Status (0): Success
13:43: License Check Status (0): Success
13:42: Traces Found: 29
13:42: Full Sweep has completed. Elapsed time 03:37:09
13:42: File Sweep Complete, Elapsed Time: 03:34:16
13:41: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Date Manager\Date Manager Website.lnk (3 subtraces) (ID = 2147486353)
13:35: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
13:35: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
13:34: C:\WINDOWS\aconti.ini (ID = 48724)
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\cookies\propriétaire@commentcamarche[1].txt". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\cookies\propriétaire@tradedoubler[1].txt". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\disc_03[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\arrow[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\disc_01[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\back_input[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\sep_right[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\fonc_02[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\fonc_01[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\sep_left[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\sep_01_1[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\back_num_off[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\actions_04[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\pic_ecrir[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\pic_forum_01[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\pic_prefs[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\pic_stats[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\pic_interv[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\pic_msg[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\sep_02_2[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\sep_01_2[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\sep_02[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\sep_01[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\sep[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\back_actions[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\pic_discuss[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\back2[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\back_bdb[2].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\back_titre[2].jpg". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\back_suite02[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms44759a0f-a58a-4281-be9c-f080f91e7a59.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa31cf944-92ae-4c2b-84ef-b317d772357a.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8ca7ed0a-19ee-4ff9-a6c5-def09209271a.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4ab8c0ac-c329-410b-9f76-3f1800eeea47.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc8028f23-eb1d-4abf-93d0-35b912b758c0.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms71b5567b-49f0-4eac-8cda-b9456b073db5.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7c7f3014-8c52-43a9-88d3-d6088550eb49.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4add2ec6-4c03-4efe-97e0-e7e4dc98e888.tmp". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\discus[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\discusplusr[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\back_titre[1].jpg". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\back_bdb[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\back_titre[1].jpg". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\back_rub[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\back_ccm[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\back_ccm_ht[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\back_menuh[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\b3[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\b4[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\b2[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\b1[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\back_topnav[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\back_gen[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\v8ee9ozk\top_head_pus[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\top_head_04[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\0p2zw163\top_head_03[1].png". Opération réussie
13:33: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\top_head_01[1].png". Opération réussie
13:32: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\c7mxubal\inline20070924[1].htm". Opération réussie
13:32: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\bfss20070920[1].htm". Opération réussie
13:29: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
13:28: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
12:59: C:\aconti.log (ID = 48726)
12:14: Warning: DDA Failure, error reading data. Index:78647. TVolumeNtNTFS.Read failed 2: Read starts at: 0xB4580000 Len :0xE000
12:10: Warning: DDA Failure, error reading data. Index:77940. TVolumeNtNTFS.Read failed 1: Read starts at: 0xAB3A0000 Len :0x6000
11:53: ApplicationMinimized - EXIT
11:53: ApplicationMinimized - ENTER
11:51: ApplicationMinimized - EXIT
11:51: ApplicationMinimized - ENTER
11:44: ApplicationMinimized - EXIT
11:44: ApplicationMinimized - ENTER
11:29: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
11:28: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
11:26: C:\WINDOWS\aconti.sdb (ID = 48727)
11:26: Found Adware: aconti
10:15: ApplicationMinimized - EXIT
10:15: ApplicationMinimized - ENTER
10:08: C:\Program Files\Date Manager (3 subtraces) (ID = 2147486353)
10:08: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Date Manager (1 subtraces) (ID = 2147486344)
10:08: Found Adware: date manager
10:07: Starting File Sweep
10:07: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
10:07: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:07: c:\documents and settings\propriétaire\cookies\propriétaire@xiti[1].txt (ID = 3717)
10:07: Found Spy Cookie: xiti cookie
10:07: c:\documents and settings\propriétaire\cookies\propriétaire@tradedoubler[1].txt (ID = 3575)
10:07: Found Spy Cookie: tradedoubler cookie
10:07: c:\documents and settings\propriétaire\cookies\propriétaire@servlet[2].txt (ID = 3345)
10:07: Found Spy Cookie: servlet cookie
10:07: c:\documents and settings\propriétaire\cookies\propriétaire@bluestreak[2].txt (ID = 2314)
10:07: Found Spy Cookie: bluestreak cookie
10:07: c:\documents and settings\propriétaire\cookies\propriétaire@advertising[1].txt (ID = 2175)
10:07: Found Spy Cookie: advertising cookie
10:07: Starting Cookie Sweep
10:07: Registry Sweep Complete, Elapsed Time:00:00:55
10:07: HKU\S-1-5-21-3308722516-71594873-1131426265-1003\software\kgcs\ (ID = 657208)
10:07: Found Adware: purhardcore dialer
10:07: HKU\S-1-5-21-3308722516-71594873-1131426265-1003\software\visio ras script\ (ID = 125646)
10:07: Found Adware: edipol alloticket dialer
10:07: HKCR\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}\ (ID = 128850)
10:07: HKLM\software\classes\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}\ (ID = 128782)
10:07: HKLM\software\classes\interface\{20270406-63ad-4c7e-ae8d-bb632e508ace}\ (ID = 128772)
10:07: HKLM\software\classes\interface\{1773b696-b019-4fc1-9eed-b1c7f925f56a}\ (ID = 128770)
10:07: HKCR\interface\{20270406-63ad-4c7e-ae8d-bb632e508ace}\ (ID = 128717)
10:07: HKCR\interface\{1773b696-b019-4fc1-9eed-b1c7f925f56a}\ (ID = 128715)
10:07: Found Adware: instant access
10:07: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/iegator.dll\ (ID = 126766)
10:07: Found Adware: gain - common components
10:07: HKCR\interface\{d24a1963-9951-4153-a340-6648759eb77d}\ (ID = 125113)
10:07: HKCR\interface\{3cd945a2-e413-4956-b9d8-a67fb6a7cb66}\ (ID = 125110)
10:07: Found Adware: ie access
10:06: Starting Registry Sweep
10:06: Memory Sweep Complete, Elapsed Time: 00:07:49
09:59: Starting Memory Sweep
09:58: Start Full Sweep
09:58: Sweep initiated using definitions version 906
09:48: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
09:47: None
09:47: Traces Found: 0
09:47: Memory Sweep Complete, Elapsed Time: 00:02:31
09:47: Sweep Canceled
09:46: ApplicationMinimized - EXIT
09:46: ApplicationMinimized - ENTER
09:44: ApplicationMinimized - EXIT
09:44: ApplicationMinimized - ENTER
09:44: Starting Memory Sweep
09:44: Start Full Sweep
09:44: Sweep initiated using definitions version 906
09:42: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
09:32: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
09:30: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
09:30: ApplicationMinimized - EXIT
09:30: ApplicationMinimized - ENTER
09:30: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
Keylogger: Off
09:30: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
09:30: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
09:30: Shield States
09:30: Spyware Definitions: 906
09:28: Spy Sweeper 5.5.7.48 started
09:28: Spy Sweeper 5.5.7.48 started
09:28: | Start of Session, mardi 6 novembre 2007 |
***************
23:37: ApplicationMinimized - EXIT
23:37: ApplicationMinimized - ENTER
23:25: ApplicationMinimized - EXIT
23:25: ApplicationMinimized - ENTER
23:19: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
23:19: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
23:16: ApplicationMinimized - EXIT
23:16: ApplicationMinimized - ENTER
23:12: Traces Found: 28
23:12: Full Sweep has completed. Elapsed time 03:42:49
23:12: File Sweep Complete, Elapsed Time: 03:37:58
23:12: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Date Manager\Date Manager Website.lnk (3 subtraces) (ID = 2147486353)
22:59: Warning: TCompressedFile.GetStreams(1): Stream read error
22:57: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
22:57: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
22:56: C:\WINDOWS\aconti.ini (ID = 48724)
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsffe91eaf-87d5-44ae-9d3f-3f215e427502.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb7342540-d37f-4f99-add8-fb55917b5ea1.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9778935e-e3fa-44b9-8e31-e0428fd2be7b.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf0b908bd-b447-4373-9c34-e8668f2c9e45.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd898b74c-9bea-4040-bd5b-2743dfecf97c.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0b5ec08b-555a-451d-8e94-4d859d6024f6.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa4820e2b-f43d-44f1-972f-ba5476fde4ae.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse2017f0e-ae04-4e12-ab70-fc5523a8b0eb.tmp". Opération réussie
22:56: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\cayn36j0.htm". Opération réussie
22:55: Warning: Failed to open file "c:\documents and settings\propriétaire\bureau\temporary internet files\content.ie5\epn3i3yx\pl[1].htm". Opération réussie
22:21: C:\aconti.log (ID = 48726)
21:36: Warning: DDA Failure, error reading data. Index:78870. TVolumeNtNTFS.Read failed 2: Read starts at: 0xB4580000 Len :0xE000
21:31: Warning: DDA Failure, error reading data. Index:78166. TVolumeNtNTFS.Read failed 1: Read starts at: 0xAB3A0000 Len :0x6000
21:20: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
21:19: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
20:47: C:\WINDOWS\aconti.sdb (ID = 48727)
20:47: Found Adware: aconti
20:46: ApplicationMinimized - EXIT
20:46: ApplicationMinimized - ENTER
19:35: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Date Manager (1 subtraces) (ID = 2147486344)
19:35: C:\Program Files\Date Manager (3 subtraces) (ID = 2147486353)
19:35: Found Adware: date manager
19:34: Starting File Sweep
19:34: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
19:34: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:34: c:\documents and settings\propriétaire\cookies\propriétaire@xiti[1].txt (ID = 3717)
19:34: Found Spy Cookie: xiti cookie
19:34: c:\documents and settings\propriétaire\cookies\propriétaire@tradedoubler[1].txt (ID = 3575)
19:34: Found Spy Cookie: tradedoubler cookie
19:34: c:\documents and settings\propriétaire\cookies\propriétaire@servlet[2].txt (ID = 3345)
19:34: Found Spy Cookie: servlet cookie
19:34: c:\documents and settings\propriétaire\cookies\propriétaire@bluestreak[1].txt (ID = 2314)
19:34: Found Spy Cookie: bluestreak cookie
19:34: Starting Cookie Sweep
19:34: Registry Sweep Complete, Elapsed Time:00:00:34
19:34: HKU\S-1-5-21-3308722516-71594873-1131426265-1003\software\kgcs\ (ID = 657208)
19:34: Found Adware: purhardcore dialer
19:34: HKU\S-1-5-21-3308722516-71594873-1131426265-1003\software\visio ras script\ (ID = 125646)
19:34: Found Adware: edipol alloticket dialer
19:34: HKCR\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}\ (ID = 128850)
19:34: HKLM\software\classes\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}\ (ID = 128782)
19:34: HKLM\software\classes\interface\{20270406-63ad-4c7e-ae8d-bb632e508ace}\ (ID = 128772)
19:34: HKLM\software\classes\interface\{1773b696-b019-4fc1-9eed-b1c7f925f56a}\ (ID = 128770)
19:34: HKCR\interface\{20270406-63ad-4c7e-ae8d-bb632e508ace}\ (ID = 128717)
19:34: HKCR\interface\{1773b696-b019-4fc1-9eed-b1c7f925f56a}\ (ID = 128715)
19:34: Found Adware: instant access
19:34: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/iegator.dll\ (ID = 126766)
19:34: Found Adware: gain - common components
19:34: HKCR\interface\{d24a1963-9951-4153-a340-6648759eb77d}\ (ID = 125113)
19:34: HKCR\interface\{3cd945a2-e413-4956-b9d8-a67fb6a7cb66}\ (ID = 125110)
19:34: Found Adware: ie access
19:34: Starting Registry Sweep
19:34: Memory Sweep Complete, Elapsed Time: 00:04:08
19:30: Starting Memory Sweep
19:29: Start Full Sweep
19:29: Sweep initiated using definitions version 906
19:29: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
19:29: ApplicationMinimized - EXIT
19:29: ApplicationMinimized - ENTER
19:28: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
19:21: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
19:20: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
19:20: ApplicationMinimized - EXIT
19:20: ApplicationMinimized - ENTER
19:20: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
19:20: Informational: ShieldEmail: Start monitoring port 25 for mail activities
Keylogger: Off
E-mail Attachment: On
19:20: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
19:19: Shield States
19:19: Spyware Definitions: 906
19:17: Spy Sweeper 5.5.7.48 started
19:17: Spy Sweeper 5.5.7.48 started
19:17: | Start of Session, lundi 5 novembre 2007
afideg
Security contributor
7 Nov. 2007 at 21:36
Re,
Thanks.
.. it takes the strength of conviction to read this report in X portions. ;) ;)
Still, it makes a nice history of the various scans that were run.
12:03: | Start of Session, mercredi 7 novembre 2007 |
***************
04:48: | Start of Session, mercredi 7 novembre 2007 |
***************
08:32: | Start of Session, mercredi 7 novembre 2007 |
***************
10:53: | Start of Session, mercredi 7 novembre 2007 |
***************
09:28: | Start of Session, mardi 6 novembre 2007 |
***************
19:17: | Start of Session, lundi 5 novembre 2007|
Good night, everyone
Al.
afideg
Security contributor
7 Nov. 2007 at 22:16
V..
Watch out for the third line:
[- HKCR\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}]
==> the space between [- and HKEY_CLASSES_ROOT must be removed.
And I believe it has to be written out in full:
- HKEY_CLASSES_ROOT or HKCR
- HKEY_CURRENT_USER or HKCU
- HKEY_LOCAL_MACHINE or HKLM
- HKEY_USERS or HKU
- HKEY_CURRENT_CONFIG or HKCC
Good night
Al.
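The two points raised in the post above (no space after `[-`, root key written out in full), as an added example that is not part of the thread: a small Python check for the section headers of a `.reg` file, taking those two points as its assumed rules. The `REGEDIT4` header and the sample file are constructed; the key is the one quoted in the post, and the function names are hypothetical.

```python
import re

# Abbreviation -> full root key name, as listed in the post above.
ROOT_KEYS = {
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKCU": "HKEY_CURRENT_USER",
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKU": "HKEY_USERS",
    "HKCC": "HKEY_CURRENT_CONFIG",
}
FULL_NAMES = set(ROOT_KEYS.values())

# Section header: '[', optional '-' (delete marker), stray blanks, key path, ']'.
HEADER = re.compile(r"^\[(?P<delete>-?)(?P<gap>\s*)(?P<path>.*)\]\s*$")

# Constructed sample: line 3 is the header quoted in the post, line 4 its fixed form.
SAMPLE = r"""REGEDIT4

[- HKCR\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}]
[-HKEY_CLASSES_ROOT\typelib\{a8882720-e26c-4073-8b8a-981d32882af7}]
"""


def check_header(line):
    """Return (problems, corrected_line) for one .reg section header.

    Lines that are not section headers (values, comments, the file
    signature) come back unchanged with an empty problem list.
    """
    m = HEADER.match(line.strip())
    if not m:
        return [], line
    problems = []
    if m.group("gap"):
        problems.append("whitespace between '[' or '[-' and the key name")
    root, sep, rest = m.group("path").strip().partition("\\")
    upper = root.upper()
    if upper in ROOT_KEYS:
        problems.append(f"abbreviated root key {root}")
        root = ROOT_KEYS[upper]
    elif upper in FULL_NAMES:
        root = upper
    else:
        problems.append(f"unknown root key {root!r}")
    fixed = f"[{m.group('delete')}{root}{sep}{rest}]"
    return problems, fixed


def lint_reg(text):
    """Check every section header; return (line_no, original, problems, fixed)."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        problems, fixed = check_header(line)
        if problems:
            findings.append((number, line, problems, fixed))
    return findings


if __name__ == "__main__":
    for number, line, problems, fixed in lint_reg(SAMPLE):
        print(f"line {number}: {line}")
        for problem in problems:
            print(f"  - {problem}")
        print(f"  suggested: {fixed}")
```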
Hi again,
yes, Spy Sweeper still shows the trojans
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:33, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [pdfw] "C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE" /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B597577-E182-4168-B3B6-8389C56D4DCC}: NameServer = 193.95.93.77 193.95.122.40
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVPCC - Unknown owner - C:\PROGRA~1\ANTIVI~1\avpcc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PROPRI~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/...
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/PROPRI~1/LOCALS~1/Temp/msohtml1/08/clip_image002.jpg
Hello,
maybe it was working; in fact it found only one trace, "gain - common components"
Hi again,
I ran the scan again, it still detects the same trojans. I don't think we've made much progress.
Hi again,
I restarted the computer and ran a registry scan
13:24: Sweep Status: 4 Items Detected
13:24: Traces Found: 4
13:24: File Sweep Complete, Elapsed Time: 00:00:26
13:24: Sweep Canceled
13:24: Starting File Sweep
13:23: Cookie Sweep Complete, Elapsed Time: 00:00:00
13:23: c:\documents and settings\propriétaire\cookies\propriétaire@xiti[1].txt (ID = 3717)
13:23: Found Spy Cookie: xiti cookie
13:23: c:\documents and settings\propriétaire\cookies\propriétaire@servlet[2].txt (ID = 3345)
13:23: Found Spy Cookie: servlet cookie
13:23: c:\documents and settings\propriétaire\cookies\propriétaire@bluestreak[1].txt (ID = 2314)
13:23: Found Spy Cookie: bluestreak cookie
13:23: Starting Cookie Sweep
13:23: Registry Sweep Complete, Elapsed Time:00:00:41
13:23: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/iegator.dll\ (ID = 126766)
13:23: Found Adware: gain - common components
13:22: Starting Registry Sweep
13:22: Memory Sweep Complete, Elapsed Time: 00:08:36
13:14: ApplicationMinimized - EXIT
13:14: ApplicationMinimized - ENTER
13:14: Starting Memory Sweep
13:14: Start Quick Sweep
13:14: Sweep initiated using definitions version 906
13:09: Informational: ShieldEmail: Start monitoring port 25 for mail activities
13:09: Informational: ShieldEmail: Start monitoring port 110 for mail activities
Keylogger: Off
E-mail Attachment: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
13:09: IE Hijack Shield: Resetting IE advanced data value.
IE Tracking Cookies Shield: Off
13:09: Shield States
13:08: Spyware Definitions: 906
13:06: Spy Sweeper 5.5.7.48 started
13:06: Spy Sweeper 5.5.7.48 started
13:06: | Start of Session, jeudi 8 novembre 2007
Lyonnais92
8 Nov. 2007 at 13:58
Hi again,
OK, only one is left.
We'll look at it this evening.
Hi again,
yes, it finds only one if I run the registry scan alone, but if I scan all the files it shows the other trojans
Lyonnais92
8 Nov. 2007 at 15:47
Hi again,
then show the report
Hi again,
the computer would not start; it shows me a black screen with a single line: "Erreur lors du chargement du système d'exploitation"
what should I do?
Lyonnais92
8 Nov. 2007 at 18:14
Hi again,
try Safe Mode
if you start in Safe Mode, try with Last Known Good Configuration.
Lyonnais92
8 Nov. 2007 at 18:26
Hi again,
when did you last restart?
I restarted when you asked me to in your message 130.
after the scan I shut down the computer because I had to go out. When I came back I turned it on again, it asked me to install Windows XP, and when I pressed cancel it restarted with this black window
Lyonnais92
8 Nov. 2007 at 19:35
Hi again,
did you notice anything abnormal when you shut it down after the scan?
Does the BIOS boot normally?
in particular, does it recognize the hard disk?
I may have already asked this. Do you have the Windows CD and a 25-character key?
Lyonnais92
8 Nov. 2007 at 19:52
Hi again,
I think a Windows repair will be needed (not a format).
Have you backed up your data to external media?
Do you have a CD burner on the second computer?
Lyonnais92
> Anonymous user
8 Nov. 2007 at 21:00
Asshole, get lost, and fast
Bastards like you who hide out in comfort without ever breaking a sweat are rotten through and through.
Otherwise, you won't post a single time without being reminded of your worthlessness and of the times you deserted your post (the cases where you ran off like a dirty coward).
The Canada Dry kind of helpers, we don't give a damn about them.
Anonymous user
> Lyonnais92
9 Nov. 2007 at 01:02
Good evening
ASSHOLE yourself, you FAT SHITTY IDIOT ...........!