Virusgarde & spyware-secure - RESOLU -

[regis56]

Salut charles et merci !

[ARDECHOIS]

Salut charles et merci !

coucou regis , me revoila avec mes rapports , je suis pas rapide je sais en ce moment les pages spyware secure et virusgarde n'apparaissent que rarement par contre mon pc reste tres lent malgre un bon nettoyage et de bonnes defrag .

 

donc voici les rapports c'est du copie/colle j'espere que ca ira pour moi c'est du marsien :

 

1 spyswepper :

 

Spy Sweeper will provide you with detailed information about the operations being performed in this area.

Program Version 5.3.2.2361 Using Spyware Definitions 935

 

To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.

The following drives are available for sweeping:

Drives: C: D: F: G: H: I: M: Q:

Also sweeping: Memory, Cookies, Registry, All Folders

Custom Sweep has completed. Elapsed time 01:52:37

Traces Found: 0

 

 

11:27: Traces Found: 0

11:27: Custom Sweep has completed. Elapsed time 01:52:37

11:26: File Sweep Complete, Elapsed Time: 01:50:04

10:35: Warning: SweepDirectories: Cannot find directory "q:". This directory was not added to the list of paths to be scanned.

10:35: Warning: SweepDirectories: Cannot find directory "m:". This directory was not added to the list of paths to be scanned.

10:35: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.

10:35: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.

10:35: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.

10:35: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.

09:36: Starting File Sweep

09:36: Cookie Sweep Complete, Elapsed Time: 00:00:03

09:36: Starting Cookie Sweep

09:36: Registry Sweep Complete, Elapsed Time:00:00:28

09:36: Starting Registry Sweep

09:36: Memory Sweep Complete, Elapsed Time: 00:01:32

09:34: Starting Memory Sweep

09:34: Sweep initiated using definitions version 935

09:34: Spy Sweeper 5.3.2.2361 started

09:34: | Start of Session, vendredi 22 juin 2007 |

***************

09:34: Program Version 5.3.2.2361 Using Spyware Definitions 935

09:33: Spy Sweeper 5.3.2.2361 started

09:33: | Start of Session, vendredi 22 juin 2007 |

***************

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

07:54: Shield States

07:54: Spyware Definitions: 935

07:54: Spy Sweeper 5.3.2.2361 started

07:54: Spy Sweeper 5.3.2.2361 started

07:54: | Start of Session, vendredi 22 juin 2007 |

***************

09:29: ApplicationMinimized - EXIT

09:29: ApplicationMinimized - ENTER

09:29: IE Fa&vorites Shield: Entry Allowed: http://www.web-infotek.com/modules.php?Mod...f5323d235672a76

09:27: Removal process completed. Elapsed time 00:00:07

09:27: Quarantining All Traces: xiti cookie

09:27: Quarantining All Traces: weborama cookie

09:27: Quarantining All Traces: tradedoubler cookie

09:27: Quarantining All Traces: webtrendslive cookie

09:27: Quarantining All Traces: overture cookie

09:27: Quarantining All Traces: mediaplex cookie

09:27: Quarantining All Traces: atlas dmt cookie

09:27: Quarantining All Traces: advertising cookie

09:27: Quarantining All Traces: adtech cookie

09:27: Quarantining All Traces: 2o7.net cookie

09:27: Removal process initiated

09:26: Traces Found: 12

09:26: Custom Sweep has completed. Elapsed time 01:26:51

09:26: File Sweep Complete, Elapsed Time: 01:23:14

09:26: ApplicationMinimized - EXIT

09:26: ApplicationMinimized - EXIT

09:26: ApplicationMinimized - ENTER

09:26: ApplicationMinimized - ENTER

09:21: ApplicationMinimized - EXIT

09:21: ApplicationMinimized - EXIT

09:21: ApplicationMinimized - ENTER

09:21: ApplicationMinimized - ENTER

09:21: Warning: SweepDirectories: Cannot find directory "q:". This directory was not added to the list of paths to be scanned.

09:21: Warning: SweepDirectories: Cannot find directory "m:". This directory was not added to the list of paths to be scanned.

09:21: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.

09:21: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.

09:21: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.

09:21: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.

09:15: ApplicationMinimized - EXIT

09:15: ApplicationMinimized - EXIT

09:15: ApplicationMinimized - ENTER

09:15: ApplicationMinimized - ENTER

09:13: Warning: Failed to read file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie55afg1q3\toolenduro[1].htm". "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie55afg1q3\toolenduro[1].htm": File not found

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\pczn13ua\urchin[1].htm". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@forum[1].txt". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\49un0du7\321[1].swf". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie55afg1q3\546[1].swf". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\pczn13ua\582[1].swf". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5pefsduf\527[1].swf". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie55afg1q3\550[1].swf". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\49un0du7\373[1].swf". Opération réussie

09:13: Warning: Failed to open file "c:\program files\sims weather\weather\d.png". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\menu démarrer\programmes\météo les sims 2\désinstaller.lnk". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5pefsduf\adimage[1].htm". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\pczn13ua\adview[2].htm". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\pczn13ua\adimage[1].htm". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@zebulon[1].txt". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@zimagez[2].txt". Opération réussie

09:13: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\9u1fqs3l\adframe[1].htm". Opération réussie

09:12: Warning: Failed to open file "c:\windows\temp\_avast4_\webshlock.txt". Opération réussie

09:12: Warning: Failed to open file "c:\documents and settings\admin.xpsp2-0b64072fe\local settings\temporary internet files\content.ie5\5hb6g23m\ban_468x60_1[1].htm". Opération réussie

09:06: ApplicationMinimized - EXIT

09:06: ApplicationMinimized - EXIT

09:06: ApplicationMinimized - ENTER

09:06: ApplicationMinimized - ENTER

08:46: ApplicationMinimized - EXIT

08:46: ApplicationMinimized - EXIT

08:46: ApplicationMinimized - ENTER

08:46: ApplicationMinimized - ENTER

08:40: ApplicationMinimized - EXIT

08:40: ApplicationMinimized - EXIT

08:40: ApplicationMinimized - ENTER

08:40: ApplicationMinimized - ENTER

08:22: ApplicationMinimized - EXIT

08:22: ApplicationMinimized - EXIT

08:22: ApplicationMinimized - ENTER

08:22: ApplicationMinimized - ENTER

08:07: ApplicationMinimized - EXIT

08:07: ApplicationMinimized - EXIT

08:07: ApplicationMinimized - ENTER

08:07: ApplicationMinimized - ENTER

08:04: ApplicationMinimized - EXIT

08:04: ApplicationMinimized - EXIT

08:04: ApplicationMinimized - ENTER

08:04: ApplicationMinimized - ENTER

08:03: Starting File Sweep

08:03: Cookie Sweep Complete, Elapsed Time: 00:00:05

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@xiti[1].txt (ID = 3717)

08:03: Found Spy Cookie: xiti cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@weborama[2].txt (ID = 3658)

08:03: Found Spy Cookie: weborama cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@tradedoubler[2].txt (ID = 3575)

08:03: Found Spy Cookie: tradedoubler cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@statse.webtrendslive[1].txt (ID = 3667)

08:03: Found Spy Cookie: webtrendslive cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@paypal.112.2o7[1].txt (ID = 1958)

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@overture[1].txt (ID = 3105)

08:03: Found Spy Cookie: overture cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@mediaplex[1].txt (ID = 6442)

08:03: Found Spy Cookie: mediaplex cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@maxis.112.2o7[1].txt (ID = 1958)

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@atdmt[1].txt (ID = 2253)

08:03: Found Spy Cookie: atlas dmt cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@advertising[2].txt (ID = 2175)

08:03: Found Spy Cookie: advertising cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@adtech[2].txt (ID = 2155)

08:03: Found Spy Cookie: adtech cookie

08:03: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@2o7[1].txt (ID = 1957)

08:03: Found Spy Cookie: 2o7.net cookie

08:03: Starting Cookie Sweep

08:03: Registry Sweep Complete, Elapsed Time:00:00:35

08:02: Starting Registry Sweep

08:02: Memory Sweep Complete, Elapsed Time: 00:02:39

08:00: ApplicationMinimized - EXIT

08:00: ApplicationMinimized - EXIT

08:00: ApplicationMinimized - ENTER

08:00: ApplicationMinimized - ENTER

08:00: Starting Memory Sweep

07:59: Start Custom Sweep

07:59: Sweep initiated using definitions version 935

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

07:58: Shield States

07:58: ApplicationMinimized - EXIT

07:58: ApplicationMinimized - ENTER

07:58: ApplicationMinimized - EXIT

07:58: ApplicationMinimized - ENTER

07:58: Spyware Definitions: 935

07:58: Spy Sweeper 5.3.2.2361 started

07:58: Spy Sweeper 5.3.2.2361 started

07:58: | Start of Session, vendredi 22 juin 2007 |

***************

Un arrêt système est en cours

19:50: Warning: Messenger.ServiceState: System Error. Code: 1115.

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

19:50: Tamper Detection

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

19:49: Tamper Detection

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

06:08: Shield States

06:08: Spyware Definitions: 934

06:08: Spy Sweeper 5.3.2.2361 started

06:08: Spy Sweeper 5.3.2.2361 started

06:08: | Start of Session, jeudi 21 juin 2007 |

***************

Un arrêt système est en cours

23:38: Warning: Messenger.ServiceState: System Error. Code: 1115.

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

23:38: Tamper Detection

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

23:37: Tamper Detection

20:32: Your spyware definitions have been updated.

Operation: File Access

Target:

Source: C:\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

20:32: Tamper Detection

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

20:10: Shield States

20:10: Spyware Definitions: 934

20:10: ApplicationMinimized - EXIT

20:10: ApplicationMinimized - ENTER

20:10: Spy Sweeper 5.3.2.2361 started

20:10: Spy Sweeper 5.3.2.2361 started

20:10: | Start of Session, jeudi 21 juin 2007 |

***************

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

06:04: Shield States

06:04: Spyware Definitions: 933

06:04: Spy Sweeper 5.3.2.2361 started

06:04: Spy Sweeper 5.3.2.2361 started

06:04: | Start of Session, mercredi 20 juin 2007 |

***************

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

23:17: Tamper Detection

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

23:17: Tamper Detection

20:32: Your spyware definitions have been updated.

Operation: File Access

Target:

Source: C:\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

20:31: Tamper Detection

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

14:16: Shield States

14:16: Spyware Definitions: 933

14:16: Spy Sweeper 5.3.2.2361 started

14:16: Spy Sweeper 5.3.2.2361 started

14:16: | Start of Session, mercredi 20 juin 2007 |

***************

20:30: Your spyware definitions have been updated.

Operation: File Access

Target:

Source: C:\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

20:30: Tamper Detection

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

06:10: Shield States

06:10: Spyware Definitions: 932

06:10: Spy Sweeper 5.3.2.2361 started

06:10: Spy Sweeper 5.3.2.2361 started

06:10: | Start of Session, mardi 19 juin 2007 |

***************

18:00: ApplicationMinimized - EXIT

18:00: ApplicationMinimized - ENTER

06:52: ApplicationMinimized - EXIT

06:52: ApplicationMinimized - ENTER

06:52: Deletion from quarantine completed. Elapsed time 00:00:00

06:52: Processing: tradedoubler cookie

06:52: Processing: xiti cookie

06:52: Processing: xiti cookie

06:52: Processing: xiti cookie

06:52: Processing: xiti cookie

06:52: Processing: zedo cookie

06:52: Processing: zedo cookie

06:52: Processing: bluestreak cookie

06:52: Processing: atlas dmt cookie

06:52: Processing: 2o7.net cookie

06:52: Processing: 2o7.net cookie

06:52: Processing: fe.lea.lycos.com cookie

06:52: Processing: weborama cookie

06:52: Processing: yieldmanager cookie

06:52: Processing: hbmediapro cookie

06:52: Processing: apmebf cookie

06:52: Processing: mediaplex cookie

06:52: Deletion from quarantine initiated

06:52: Removal process completed. Elapsed time 00:00:07

06:52: Quarantining All Traces: weborama cookie

06:52: Quarantining All Traces: tradedoubler cookie

06:52: Quarantining All Traces: 2o7.net cookie

06:52: Quarantining All Traces: mediaplex cookie

06:52: Quarantining All Traces: fe.lea.lycos.com cookie

06:52: Quarantining All Traces: zedo cookie

06:52: Quarantining All Traces: bluestreak cookie

06:52: Quarantining All Traces: atlas dmt cookie

06:52: Quarantining All Traces: apmebf cookie

06:52: Quarantining All Traces: yieldmanager cookie

06:52: Quarantining All Traces: hbmediapro cookie

06:52: Quarantining All Traces: xiti cookie

06:51: Removal process initiated

06:41: ApplicationMinimized - EXIT

06:41: ApplicationMinimized - EXIT

06:41: ApplicationMinimized - ENTER

06:41: ApplicationMinimized - ENTER

06:40: Traces Found: 17

06:40: Quick Sweep has completed. Elapsed time 00:35:33

06:40: File Sweep Complete, Elapsed Time: 00:27:12

06:38: ApplicationMinimized - EXIT

06:38: ApplicationMinimized - EXIT

06:38: ApplicationMinimized - ENTER

06:38: ApplicationMinimized - ENTER

06:32: ApplicationMinimized - EXIT

06:32: ApplicationMinimized - EXIT

06:32: ApplicationMinimized - ENTER

06:32: ApplicationMinimized - ENTER

06:23: ApplicationMinimized - EXIT

06:23: ApplicationMinimized - EXIT

06:23: ApplicationMinimized - ENTER

06:23: ApplicationMinimized - ENTER

06:20: ApplicationMinimized - EXIT

06:20: ApplicationMinimized - EXIT

06:20: ApplicationMinimized - ENTER

06:20: ApplicationMinimized - ENTER

06:13: Starting File Sweep

06:12: Cookie Sweep Complete, Elapsed Time: 00:00:06

06:12: c:\documents and settings\networkservice.autorite nt\cookies\system@xiti[1].txt (ID = 3717)

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@zedo[2].txt (ID = 3762)

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@xiti[1].txt (ID = 3717)

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@weborama[2].txt (ID = 3658)

06:12: Found Spy Cookie: weborama cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@tradedoubler[1].txt (ID = 3575)

06:12: Found Spy Cookie: tradedoubler cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@paypal.112.2o7[1].txt (ID = 1958)

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@msnportal.112.2o7[1].txt (ID = 1958)

06:12: Found Spy Cookie: 2o7.net cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@mediaplex[1].txt (ID = 6442)

06:12: Found Spy Cookie: mediaplex cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@fe.lea.lycos[1].txt (ID = 2660)

06:12: Found Spy Cookie: fe.lea.lycos.com cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@c2.zedo[1].txt (ID = 3763)

06:12: Found Spy Cookie: zedo cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@bluestreak[2].txt (ID = 2314)

06:12: Found Spy Cookie: bluestreak cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@atdmt[2].txt (ID = 2253)

06:12: Found Spy Cookie: atlas dmt cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@apmebf[1].txt (ID = 2229)

06:12: Found Spy Cookie: apmebf cookie

06:12: c:\documents and settings\admin.xpsp2-0b64072fe\cookies\admin@ad.yieldmanager[2].txt (ID = 3751)

06:12: Found Spy Cookie: yieldmanager cookie

06:12: c:\documents and settings\laurine\cookies\laurine@xiti[1].txt (ID = 3717)

06:12: c:\documents and settings\laurine\cookies\laurine@adopt.hbmediapro[2].txt (ID = 2768)

06:12: Found Spy Cookie: hbmediapro cookie

06:12: c:\documents and settings\ran et diamant\cookies\ran et diamant@xiti[1].txt (ID = 3717)

06:12: Found Spy Cookie: xiti cookie

06:12: Starting Cookie Sweep

06:12: Registry Sweep Complete, Elapsed Time:00:00:50

06:11: Starting Registry Sweep

06:11: Memory Sweep Complete, Elapsed Time: 00:06:35

06:09: ApplicationMinimized - EXIT

06:09: ApplicationMinimized - EXIT

06:09: ApplicationMinimized - ENTER

06:09: ApplicationMinimized - ENTER

06:07: ApplicationMinimized - EXIT

06:07: ApplicationMinimized - EXIT

06:07: ApplicationMinimized - ENTER

06:07: ApplicationMinimized - ENTER

06:05: ApplicationMinimized - EXIT

06:05: ApplicationMinimized - EXIT

06:05: ApplicationMinimized - ENTER

06:05: ApplicationMinimized - ENTER

06:05: Starting Memory Sweep

06:05: Start Quick Sweep

06:05: Sweep initiated using definitions version 932

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

06:03: Shield States

06:03: Spyware Definitions: 932

06:03: Spy Sweeper 5.3.2.2361 started

06:03: Spy Sweeper 5.3.2.2361 started

06:03: | Start of Session, lundi 18 juin 2007 |

***************

22:13: ApplicationMinimized - EXIT

22:13: ApplicationMinimized - ENTER

22:13: IE Favorites Shield: Entry Denied: http://forum.zebulon.fr/index.php?showforum=51

22:13: IE Fa&vorites Shield: Entry Denied: http://www.web-infotek.com/modules.php?Mod...18f1e23d8284883

21:02: ApplicationMinimized - EXIT

21:02: ApplicationMinimized - ENTER

20:29: Your definitions are up to date.

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

19:55: Shield States

19:55: Spyware Definitions: 932

19:54: Spy Sweeper 5.3.2.2361 started

19:54: Spy Sweeper 5.3.2.2361 started

19:54: | Start of Session, lundi 18 juin 2007

 

 

 

 

 

 

 

2 - hijack

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:33:56, on 22/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Microsoft Office\Office10\WINWORD.EXE

C:\Documents and Settings\Admin.XPSP2-0B64072FE\Bureau\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: load= c:\quickenw\MEMENTO.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O4 - Startup: Anti-Pub.lnk = C:\Antipub\antipub.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD7696C-6E61-49AD-940E-CAD00DF6619B}: NameServer = 212.151.137.170 212.151.136.246

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - D:\TELECH~1\CONTRO~1\backweb\2338637\Program\SERVIC~1.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: FSBWSYS - Unknown owner - D:\Telechargements\Controle parental\backweb\2338637\program\fsbwsys.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Telechargements\Controle parental\Common\FSMA32.EXE

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 6194 bytes

[regis56]

Salut !

 

Voici ce qu eu tvas faire stp :

 

Télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau

 

Dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

 

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

 

A plus.

[ARDECHOIS]

Salut !

 

Voici ce qu eu tvas faire stp :

 

Télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau

 

Dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

 

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

 

A plus.

 

ben c

[ARDECHOIS]

Salut !

 

Voici ce qu eu tvas faire stp :

 

Télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau

 

Dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

 

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

 

A plus.

 

j'ai pas fini surle precedant message , apres dezippage et lancement de genproc.dat un messga s'affiche sur la page "dos" en m'indiquant qu'il manque un ou plusieurs fichier et que l'application ne peut demarrer , j'ai pas de bol .

[regis56]

Salut !

 

ok on vas faire sans alors !

 

Relance fixnavilog et choisit l'option 1 stp

 

poste le rapport

 

Ensuite fais un scan en ligne ici

 

http://www.kaspersky.com/virusscanner

tuto d'aide ici

http://www.malekal.com/scan_Av_en_ligne.html

 

A plus.

Modifié le 22 juin 2007 par regis56

[ARDECHOIS]

Salut !

 

ok on vas faire sans alors !

 

Relance fixnavilog et choisit l'option 1 stp

 

poste le rapport

 

Ensuite fais un scan en ligne ici

 

 

 

A plus.

 

 

 

 

bonjour , et merci pour ton aide , voici le rapport :

 

 

 

 

 

 

Search Navipromo version 2.0.3 commencé le 23/06/2007 à 9:17:25,87

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Poster ce rapport sur le forum pour le faire analyser !!!

!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

 

Fix lancé depuis C:\Program Files\navilog1

Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

 

Executé en mode normal

 

*** Recherche Programmes installes ***

 

 

 

 

*** Recherche dossiers dans C:\WINDOWS ***

 

 

 

 

*** Recherche dossiers dans C:\Program Files ***

 

 

 

 

*** Recherche dossiers dans C:\Documents and Settings\All Users.WINDOWS\Application Data ***

 

 

 

 

*** Recherche dossiers dans C:\Documents and Settings\Admin.XPSP2-0B64072FE\Application Data ***

 

 

 

*** Recherche avec BlackLight Engine/F-secure ***

BlackLight Engine est un produit de F-secure, pour + d'infos :

http://www.f-secure.com/blacklight/blacklight_help.html

 

 

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR

======================================

 

Copyright 2005-2006 F-Secure Corporation. All rights reserved.

This is a beta version. It will expire on 1st of April, 2007.

Version information: 2.2.1061.

 

[+] Started on 06/23/07 at 09:17:34.

[+] Initializing ...

[+] Starting scan, press Ctrl-C to abort.

[+] Scanning for hidden items .............................................

[+] Scan complete.

[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.

[+] Exited on 06/23/07 at 09:22:17 (return code = 0).

 

 

*** Recherche fichiers ***

 

 

 

 

*** Recherche cles registre ***

 

 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

 

 

 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

 

 

 

Recherche Clé Magic Control

 

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche fichiers connus:

 

 

2)Recherche Heuristique :

*

**

***

****

*****

******

*******

********

 

 

*** Analyse Terminé le 23/06/2007 à 9:22:42,18 ***

[regis56]

SAlut !

 

Comment se comporte le pc ?

 

Peut tu mettre le rapport de scan en ligne stp ?

 

A plus.

[ARDECHOIS]

SAlut !

 

Comment se comporte le pc ?

 

Peut tu mettre le rapport de scan en ligne stp ?

 

A plus.

 

 

salut , le pc est toujours un peu lent , pour le scan il n'y avait rien et ma sauvegarde du rapport est vide ( j'ai fait une fausse manip .) si je dois le refaire est ce que je dois lors du scan arreter mon antivirus avast et le pare feu , certain scan le demande ???merci .

[regis56]

Salut !

 

Oui j'ai besoin de voir le rapport il va falloir que tu le refasse stp

 

Si tu est obligé oui désactive ton antivirus et parefeu juste le temps du scan

 

A plus.