
Posted (edited)

Hello,

I ran CleanMgr and an Avira AntiVir scan in safe mode, then HijackThis in normal mode.

See the Avira AntiVir and HijackThis reports below.

AVIRA ANTIVIR REPORT:

 

AntiVir PersonalEdition Classic

Report file date: mardi 24 juillet 2007 02:14

 

Scanning for 740715 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: utilisateur

Computer name: DIDIER3

 

Version information:

BUILD.DAT : 248 14437 Bytes 31/05/07 16:59:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/07 11:37:14

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/07 11:31:54

LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/07 11:26:04

LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/07 11:18:59

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/06 13:08:58

ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/07 13:09:01

ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/07 13:09:02

ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/07 13:09:02

AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/07 13:04:24

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/07 09:36:26

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/07 11:31:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/07 12:16:24

AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/07 07:48:28

AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/07 08:05:08

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/07 11:16:05

AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/07 10:32:26

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/07 10:09:42

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/07 09:46:18

RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/07 11:42:42

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: mardi 24 juillet 2007 02:14

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'msimn.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

16 processes with 16 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '35' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <System>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\utilisateur\Mes documents\Perso\Zebulon\SmitfraudFix.zip

[0] Archive type: ZIP

--> SmitfraudFix/Reboot.exe

[DETECTION] Contains signature of the SPR/Tool.Reboot.C program

--> SmitfraudFix/restart.exe

[DETECTION] Contains signature of the SPR/Tool.Hardoff.A program

[iNFO] The file was deleted!

C:\Documents and Settings\utilisateur\Mes documents\Perso\Zebulon\SmitfraudFix\Reboot.exe

[DETECTION] Contains signature of the SPR/Tool.Reboot.C program

[iNFO] The file was moved to '47074777.qua'!

C:\Documents and Settings\utilisateur\Mes documents\Perso\Zebulon\SmitfraudFix\restart.exe

[DETECTION] Contains signature of the SPR/Tool.Hardoff.A program

[iNFO] The file was moved to '4718478c.qua'!

C:\Documents and Settings\utilisateur\Mes documents\Z_Caleo\TelephonesMobiles\TelephonesMobiles16F.eml

[0] Archive type: MIME

--> BS_9officemobile.xls

[DETECTION] Contains suspicious code HEUR/Macro.Excel2000

[iNFO] The file was deleted!

C:\Documents and Settings\utilisateur\Mes documents\Z_Caleo\TelephonesMobiles\TelephonesMobiles16iR.eml

[0] Archive type: MIME

--> BS_9offi.xls

[DETECTION] Contains suspicious code HEUR/Macro.Excel2000

[iNFO] The file was deleted!

C:\Program Files\SPYWAREfighter\Quarantine\fil2A36BC49.dat

[0] Archive type: GZ

--> fil2A36BC49

[DETECTION] Is the Trojan horse TR/Agent.aox

[iNFO] The file was deleted!

C:\WINDOWS\system32\kprof

[DETECTION] Is the Trojan horse TR/Proxy.Wopla.AG.4

[iNFO] The file was moved to '4717aefa.qua'!

C:\WINDOWS\system32\perfc000.dat

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[iNFO] The file was moved to '4717af38.qua'!

C:\WINDOWS\system32\poof

[DETECTION] Is the Trojan horse TR/Proxy.Wopla.AG

[iNFO] The file was moved to '4714af51.qua'!

C:\WINDOWS\system32\drivers\runtime2.sys

[WARNING] The file could not be read!

Begin scan in 'D:\'

Search path D:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: mardi 24 juillet 2007 09:50

Used time: 7:36:01 min

 

The scan has been done completely.

 

5380 Scanning directories

520743 Files were scanned

10 viruses and/or unwanted programs were found

2 classified as suspicious:

4 files were deleted

0 files were repaired

5 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

520731 Files not concerned

56649 Archives were scanned

4 Warnings

4 Notes

0 Hidden objects were found

 

HIJACKTHIS REPORT:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:25:46, on 24/07/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spamihilator\spamihilator.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\Program Files\NettGain1200 Client\NGSpawner.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\NettGain1200 Client\NettGain1200_C.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = MSPROXY.WG.KNS.COM:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [install.exe] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [scanSoft PDF Professional 3.0-reminder] "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Professional\3\Ereg\ereg.ini"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\winlogon.exe

O4 - HKCU\..\Run: [internet Sweeper] C:\WINDOWS\system32\SWEEPER.EXE /Q

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NettGain1200 Client.lnk = C:\Program Files\NettGain1200 Client\NGSpawner.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.impots.gouv.fr

O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183764526750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183812218640

O17 - HKLM\System\CCS\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{46F82690-4DCD-404E-AB65-95AD06EEDB66}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D109BC7-B46C-4175-ADA0-0CB10C6BF3EE}: Domain = caleo.fr

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D109BC7-B46C-4175-ADA0-0CB10C6BF3EE}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{97C247AD-A810-46B8-B09B-B28B93803557}: NameServer = 210.48.65.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O17 - HKLM\System\CS1\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O17 - HKLM\System\CS2\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

Thanks in advance for your comments, Didier

Edited by didier405

Posted

Hello!

Your report shows multiple infections!!

Please do this:

Download AVG Anti-Spyware

http://free3.grisoft.cz/softw/70free/setup...up-7.5.0.50.exe

  • Launch AVG Anti-Spyware and click the Update button (toolbar, at the top). Under Manual Update click Start update.
  • You will see this right at the bottom once the update has completed: "Update successful"
  • Close AVG Anti-Spyware. Do not run it yet.

Restart in Safe Mode: on reboot, immediately tap the F8 key repeatedly; you will see a screen with a choice of startup options appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

  • From Safe Mode, launch AVG Anti-Spyware and click the Scanner button (in the toolbar), then click Complete System Scan. The scan will take some time, so be patient.
  • AVG Anti-Spyware will display a list of detected files on the left. At the end of the scan, the tool will set the "Actions" to apply automatically. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right side.
  • Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure to save it in a safe place (on your Desktop, for example).
  • Restart your computer in Normal mode.


 

Here is another tool for you:

Download Blacklight (from F-Secure) and save it to your Desktop.

Double-click fsbl.exe and accept the license; leave [X]scan through Windows Explorer enabled; click Scan then Next

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply. Do NOT choose the "Rename" option right away: we need to analyze the report, because legitimate files may be listed, such as wbemtest.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please post the following reports in your next reply:

1) AVG Anti-Spyware

2) BlackLight

3) New HijackThis report!

Good luck, and see you later

Posted

Hello,

Thank you for the instructions you gave me.

1) AVG ANTI-SPYWARE REPORT:

 

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 22:34:08 24/07/07

 

+ Résultat de l'analyse:

 

C:\WINDOWS\system32\perfc000.dat -> Backdoor.Small.os : Nettoyé et sauvegardé (mise en quarantaine).

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP52\A0026749.exe -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).

C:\Documents and Settings\utilisateur\Cookies\utilisateur@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.

C:\Documents and Settings\utilisateur\Cookies\utilisateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.

C:\Documents and Settings\utilisateur\Cookies\utilisateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.

 

Fin du rapport

 

2) BLACKLIGHT REPORT:

 

07/24/07 23:41:07 [info]: BlackLight Engine 1.0.64 initialized

07/24/07 23:41:07 [info]: OS: 5.1 build 2600 (Service Pack 2)

07/24/07 23:41:08 [Note]: 7019 4

07/24/07 23:41:08 [Note]: 7005 0

07/24/07 23:41:58 [Note]: 7006 0

07/24/07 23:41:58 [Note]: 7011 1764

07/24/07 23:41:58 [Note]: 7026 0

07/24/07 23:41:58 [Note]: 7026 0

07/24/07 23:42:02 [Note]: FSRAW library version 1.7.1022

07/24/07 23:48:47 [info]: Hidden file: c:\WINDOWS\system32\drivers\runtime2.sys

07/24/07 23:48:47 [Note]: 10002 1

07/24/07 23:50:06 [Note]: 2000 1012

07/24/07 23:50:06 [Note]: 2000 1012

07/24/07 23:51:57 [Note]: 7007 0

 

3) HIJACKTHIS REPORT:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:58:53, on 24/07/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spamihilator\spamihilator.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SWEEPER.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\NettGain1200 Client\NGSpawner.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\Program Files\NettGain1200 Client\NettGain1200_C.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = MSPROXY.WG.KNS.COM:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [install.exe] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [scanSoft PDF Professional 3.0-reminder] "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Professional\3\Ereg\ereg.ini"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\winlogon.exe

O4 - HKCU\..\Run: [internet Sweeper] C:\WINDOWS\system32\SWEEPER.EXE /Q

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NettGain1200 Client.lnk = C:\Program Files\NettGain1200 Client\NGSpawner.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.impots.gouv.fr

O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183764526750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183812218640

O17 - HKLM\System\CCS\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{46F82690-4DCD-404E-AB65-95AD06EEDB66}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D109BC7-B46C-4175-ADA0-0CB10C6BF3EE}: Domain = caleo.fr

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D109BC7-B46C-4175-ADA0-0CB10C6BF3EE}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{97C247AD-A810-46B8-B09B-B28B93803557}: NameServer = 210.48.65.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O17 - HKLM\System\CS1\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O17 - HKLM\System\CS2\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

4) The file perfc000.dat is still present in C:/Windows/System32.

It is recreated immediately as soon as I delete it.

I hope there is a solution, Didier

Posted

Hi!

1. Download combofix.exe (by sUBs) to your Desktop from here:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click combofix.exe and follow the prompts.

3. When the scan has completed, a report will appear. Copy and paste that report into your next reply.

See you later.

Posted

Hello,

Here is the ComboFix report. Thanks in advance for the analysis you will make of it.

Didier

 

"utilisateur" - 2007-07-26 1:33:54 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\UTILIS~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\6BRJUHMS\iforex.com

C:\DOCUME~1\UTILIS~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\6BRJUHMS\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\DOCUME~1\UTILIS~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\DOCUME~1\UTILIS~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\DOCUME~1\UTILIS~1\Bureau.\internet explorer.lnk

C:\WINDOWS\system32\5_exception.nls

C:\WINDOWS\system32\iepref32.dll

C:\WINDOWS\system32\perfc000.dat

C:\WINDOWS\system32\qmopt.dll

C:\WINDOWS\system32\regsvr32.dll

C:\WINDOWS\system32\svcp.csv

C:\WINDOWS\system32\winsub.xml

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NDNET1

-------\LEGACY_POOF

-------\LEGACY_RUNTIME

-------\LEGACY_RUNTIME2

-------\kprof

-------\lanmandrv

-------\poof

 

 

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

 

 

2007-07-26 01:29 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-24 21:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-07-24 10:18 <REP> d-------- C:\HijackThis

2007-07-17 23:38 <REP> d-------- C:\Program Files\BitDefender

2007-07-17 23:31 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\Bitdefender

2007-07-17 23:06 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-07-17 23:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

2007-07-17 22:55 <REP> d-------- C:\Program Files\Avast

2007-07-17 21:58 <REP> d-------- C:\7cdfa6d63be8c0af1da1f69bcc

2007-07-17 16:57 <REP> d-------- C:\7e5103095301821f019cd3d7e9f65e

2007-07-17 16:30 <REP> d-------- C:\6cb114009477c2e5815215e6fe

2007-07-17 00:14 <REP> d-------- C:\Program Files\Fichiers communs\Application

2007-07-17 00:06 <REP> d-------- C:\Program Files\SPYWAREfighter

2007-07-16 22:47 23,530,080 --a------ C:\bitdefender_antivirus.exe

2007-07-16 03:15 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-16 01:01 34,560 --a------ C:\WINDOWS\system32\drivers\runtime2.sys

2007-07-15 02:07 <REP> d-------- C:\4857ca28ba5bac562a

2007-07-14 18:51 16,015,360 --a------ C:\DOCUME~1\UTILIS~1\ntuser.dat

2007-07-14 04:47 434 --a------ C:\WINDOWS\system32\iebdfex.dll

2007-07-14 01:23 73 --a------ C:\WINDOWS\system32\ierql.dll

2007-07-14 01:23 5,053 --a------ C:\WINDOWS\system32\iefpmod.dll

2007-07-14 01:23 4 --a------ C:\WINDOWS\system32\iebudata.dll

2007-07-14 01:23 302 --a------ C:\WINDOWS\system32\iehrdata.dll

2007-07-14 01:23 145 --a------ C:\WINDOWS\system32\iesc.dll

2007-07-14 01:23 105 --a------ C:\WINDOWS\system32\qshl.dll

2007-07-10 16:18 <REP> d--h----- C:\WINDOWS\PIF

2007-07-08 17:37 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-08 02:18 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2007-07-08 00:08 <REP> d-------- C:\WINDOWS\Prefetch

2007-07-07 20:40 172,032 --a------ C:\WINDOWS\system32\igfxres.dll

2007-07-07 20:28 <REP> d-------- C:\Program Files\msn gaming zone

2007-07-07 20:12 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-07-07 20:12 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-07-07 15:47 <REP> d-------- C:\DOCUME~1\MOI\APPLIC~1\AdobeUM

2007-07-07 15:46 <REP> d-------- C:\DOCUME~1\MOI\APPLIC~1\pdf995

2007-07-07 15:37 0 --a------ C:\WINDOWS\nsreg.dat

2007-07-07 12:31 <REP> d---s---- C:\DOCUME~1\MOI\UserData

2007-07-06 04:21 <REP> d-------- C:\DOCUME~1\MOI\APPLIC~1\Spamihilator

2007-07-06 02:51 <REP> d-------- C:\WINDOWS\setup.pss

2007-07-05 21:02 <REP> d-------- C:\WINDOWS\OPTIONS

2007-07-05 21:02 <REP> d-------- C:\fsc.tmp

2007-07-05 19:18 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\Spamihilator

2007-06-28 22:55 570 --a------ C:\WINDOWS\system32\S3R521.dll

2007-06-26 12:08 119,424 -ra------ C:\WINDOWS\system32\drivers\ser2pl.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-25 21:35:14 -------- d-----w C:\Program Files\NettGain1200 Client

2007-07-18 13:22:38 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM

2007-07-15 23:01:24 47,849 ----a-w C:\WINDOWS\system32\cjpeg.exe

2007-07-13 17:51:50 -------- d-----w C:\Program Files\Spamihilator

2007-07-07 22:14:08 85,300 ----a-w C:\WINDOWS\system32\perfc00C.dat

2007-07-07 22:14:08 509,518 ----a-w C:\WINDOWS\system32\perfh00C.dat

2007-07-07 18:17:43 23,724 -c--a-w C:\WINDOWS\system32\emptyregdb.dat

2007-07-05 19:49:20 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-05 19:49:20 -------- d-----w C:\Program Files\Intel

2007-06-21 09:47:48 679,936 ----a-w C:\WINDOWS\system32\spsplib1.dll

2007-06-16 17:46:23 -------- d-----w C:\Program Files\MSXML 6.0

2007-06-16 17:44:01 -------- d-----w C:\Program Files\MSBuild

2007-06-16 17:38:37 -------- d-----w C:\Program Files\Reference Assemblies

2007-06-08 09:52:50 947,096 ----a-w C:\WINDOWS\system32\_ISource30.dll

2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel(2).dll

2007-04-25 07:40:25 822,784 ----a-w C:\WINDOWS\system32\wininet(5).dll

2007-04-25 07:40:25 822,784 ----a-w C:\WINDOWS\system32\wininet(2).dll

2007-04-25 07:40:18 1,152,000 ----a-w C:\WINDOWS\system32\urlmon(5).dll

2007-04-25 07:40:18 1,152,000 ----a-w C:\WINDOWS\system32\urlmon(2).dll

2007-04-25 07:40:13 105,984 ----a-w C:\WINDOWS\system32\url(5).dll

2007-04-25 07:40:13 105,984 ----a-w C:\WINDOWS\system32\url(2).dll

2007-04-25 07:39:26 267,776 ----a-w C:\WINDOWS\system32\iertutil(4).dll

2007-04-25 07:39:26 267,776 ----a-w C:\WINDOWS\system32\iertutil(2).dll

2007-01-25 17:59:24 1,585 -c--a-w C:\Program Files\NettGain1200 Client setup.log

2006-09-03 00:22:22 1,312,256 -c--a-w C:\Program Files\isfw.exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WatcherHelper"="C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe" [2006-09-15 12:33]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24]

"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-06-21 11:48]

"SMSERIAL"="sm56hlpr.exe" [2005-04-26 11:15 C:\WINDOWS\sm56hlpr.exe]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10]

"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11]

"Watcher3G"="" []

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-12 03:20]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 15:14]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 13:01]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 10:29]

"AirCardEnabler"="" []

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

"@"="" []

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

"ScanSoft PDF Professional 3.0-reminder"="C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" []

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-24 21:29]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]

"Internet Sweeper"="C:\WINDOWS\system32\SWEEPER.exe" [2005-12-18 12:10]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

NettGain1200 Client.lnk - C:\Program Files\NettGain1200 Client\NGSpawner.exe [2007-01-25 19:59:22]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-10-10 00:16:45]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

odyEvent.dll 2006-09-04 22:16 106496 C:\WINDOWS\system32\odyEvent.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"UMWdf"=3 (0x3)

 

R0 iaStor;Intel AHCI Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys

R1 bdpredir;bdpredir;\??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys

R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys

R3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys

R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys

R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys

R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys

R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys

R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"

R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys

R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys

R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys

R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys

S3 CMIUSB;Motic New MC Camera;C:\WINDOWS\system32\Drivers\MC1001200130012001B\cmiusb.sys

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio;C:\WINDOWS\system32\drivers\HdAudio.sys

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 NaiAvFilter1;NaiAvFilter1;C:\WINDOWS\system32\drivers\naiavf5x.sys

S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20);C:\WINDOWS\system32\DRIVERS\swumx20.sys

S4 agpCPQ;Filtre de bus AGP Compaq;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

S4 iToolsOPCService;iTools OPC Service;"C:\Program Files\Eurotherm\iTools\iToolsService.exe"

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-26 01:48:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-26 1:52:07 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-26 01:51

 

--- E O F ---

Posted

Hi!

Post a new HijackThis report, and then do this:

Download SpySweeper - Download SpySweeper - SpySweeper Help

- Click the "Free Trial" link on the far right to download it

- Install it and start it

- It will ask you to download the latest definitions; accept

- Then click the Options button on the left

- Click the Options tab

- Make sure the following options are checked:

o Windows Registry

o Memory Object

o Cookies

o System Restore Folder

o Further down:

o Sweep all user accounts

o Sweep for rootkits

- Restart in safe mode; if you don't know how, read this

- Start SpySweeper

- Click "Sweep Now" on the left

- Click the "Start" button

- When the scan has finished, click the "Next" button

- Make sure everything is checked and click the "Next" button

- Once all the items found have been removed

- Click "Session Log" at the top right and copy all of the log's contents.

- Close the windows and paste the whole log here, along with a HijackThis log

Help: don't hesitate to consult the SpySweeper Help

See you later.

Posted

Hello,

Here are the reports, except that I made a mistake: I ran SpySweeper before HijackThis.

The files perfc000.dat and startdrv.exe have disappeared, but Windows updates still do not work.

Thanks in advance for your opinion.

SPYSWEEPER REPORT:

 

00:41: Removal process completed. Elapsed time 00:00:04

00:41: Informational: Virus infected file c:\system volume information\_restore{087f157e-23fb-4616-898c-d065fefca634}\rp68\a0035187.sys not cleaned.

00:41: Quarantining All Traces: Troj/Rootkit-BI

00:41: Quarantining All Traces: xiti cookie

00:41: Quarantining All Traces: trojan-backdoor-goldun

00:41: Quarantining All Traces: trojan-downloader-zlob

00:41: Removal process initiated

00:11: Traces Found: 7

00:11: Custom Sweep has completed. Elapsed time 00:51:54

00:11: File Sweep Complete, Elapsed Time: 00:50:55

00:06: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

00:06: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_kswg___\8000non_ks_mhs\remoteindexemulattor\config.zap]

00:05: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\utilisateur\ntuser.dat]

00:04: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]

00:03: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\system volume information\_restore{087f157e-23fb-4616-898c-d065fefca634}\rp49\a0025569.exe]

00:02: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]

00:01: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\tmp\ball_sw\a020g-wg-2-31a-p01.exe]

00:01: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\aawsepersonal.exe]

00:01: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\tmp\ball_sw\a219k-wg-2-33a-1-p01_usb.exe]

23:58: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [c:\documents and settings\utilisateur\mes documents\z_caleo\notefrais14i.txt]

23:56: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\aawsepersonal.zap]

23:56: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\blades-price-list\application-cd.xls]

23:53: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\ca92.doc]

23:53: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]

23:52: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\kulicke & soffa\maxum ultra manuals\bin\adberdr70_distrib_enu.exe]

23:51: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\ca93.doc]

23:50: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [c:\documents and settings\utilisateur\mes documents\z_caleo\telephonesmobiles\telephonesmobiles14i.txt]

23:50: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\kulicke & soffa\at premier manuals\bin\adberdr70_distrib_enu.exe]

23:49: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\chgtbanquedomicile.xls]

23:49: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\placement.xls]

23:48: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\ca77.xls]

23:48: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\uffb5.xls]

23:48: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\interets_capital7.xls]

23:48: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\interets_capital5.xls]

23:48: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\tmp\premier\8-99-2-36-e03_usb.exe]

23:48: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\invitations1.xls]

23:47: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\dowjones2000_10.xls]

23:47: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\cel_cdvi_pep.xls]

23:47: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit1.xls]

23:46: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit10.xls]

23:46: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\bprop____\ccbprop.xls]

23:46: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\boniaferastral.xls]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\voiture1.xls]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\tmp\980\980uph\uph-smpw.xls]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\application data\adobe\acrobat\6.0\messages\enu\read0600win_enuadbe0062u.pdf]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_s_tech\frais\fraisbruno03mai1i.xls]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_s_tech\frais\fraisbruno03mar1i.xls]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\cbca.xls]

23:45: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit7.xls]

23:44: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit8.xls]

23:44: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit9.xls]

23:44: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\charges2003.xls]

23:44: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\interets_capital7.xls]

23:43: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\interets_capital.xls]

23:43: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\emprunt15.xls]

23:43: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\interets_capital6.xls]

23:43: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\activités caléo electronique\activité globale 2006_1.xls]

23:42: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\uffb4.xls]

23:42: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_ligne\ier______\ligneprotoier\apm2210ier\mapper (4).test]

23:42: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\placement.xls]

23:42: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\interets_capital9.xls]

23:41: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais_cadre_euro.xls]

23:41: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais_cadre.xls]

23:40: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_s_tech\remunerations\remunerations2.xls]

23:40: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit11.xls]

23:39: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_ricom\virus\virus04fev25_1f.eml]

23:39: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\bprop____\cbbprop.xls]

23:39: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\interets_capital2.xls]

23:39: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\emprunt14.xls]

23:39: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\prenoms3.xls]

23:39: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\_w5.xls]

23:38: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]

23:38: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]

23:38: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\sbf120_2000_10.xls]

23:38: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\nikkei2000_10.xls]

23:38: a0035187.sys (ID = 0)

23:38: Found Troj/Rootkit-BI: Troj/Rootkit-BI

23:37: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\cac40_2000_10.xls]

23:37: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\spam.xls]

23:37: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\cel_pel.xls]

23:37: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\famille\cadeauxnoel2002.xls]

23:37: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\pavillon\financement10.xls]

23:36: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\a_faire1.xls]

23:36: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit2.xls]

23:36: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_06.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_02.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\cl15.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\nasdaq2000_10.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_01.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_12.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_11.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\chronocreditmaison.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\emprunt02.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\emprunt13.xls]

23:35: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\emprunt16.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\remuneration.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_10.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_kswg___\8000non_ks_mhs\remoteindexemulattor\rmwhlemu.zap]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_10oct_16.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_06juin_12.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\pavillon\chauffagistes.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_04avr_23.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_03mar_10.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\comptesbesson.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_01jan_15.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_04_10oct_03.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_04_12dec_04.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_04_11nov_07.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_04_09sept_20.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_04_07juil_02.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_04_06juin_04.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_06.xls]

23:34: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\default]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_kswg___\8000non_ks_mhs\remoteindexemulattor\8060susm.zap]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\pavillon\maison.xls]

23:34: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_05.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_04.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_03.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_02.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_12.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\c_com.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\interets_capital8.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_11.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_10.xls]

23:33: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_08.xls]

23:32: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_06.xls]

23:32: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_05.xls]

23:32: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_04.xls]

23:31: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_03.xls]

23:31: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit3.xls]

23:31: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2003_01.xls]

23:31: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\interets_capital4.xls]

23:31: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\interets_capital3.xls]

23:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_ricom\virus\virus04jan30_1f.eml]

23:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_05.xls]

23:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\besson\profit4.xls]

23:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\205_02_08aout_25.xls]

23:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\checklistvoiture.xls]

23:30: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\ni15.xls]

23:29: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_06juin_09.xls]

23:29: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\twingo_02_08aout_20.xls]

23:29: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\twingo_03_07juil_05.xls]

23:29: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\twingo_04_01jan_03.xls]

23:29: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_06juin_02.xls]

23:29: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_10.xls]

23:28: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\telmobile.xls]

23:28: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_11nov_17.xls]

23:28: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\fra\rdrmsgfra.pdf]

23:27: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\prenoms3r.xls]

23:27: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\co44.xls]

23:27: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_09.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\jo9.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2004_07.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\af2.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2007_02.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_04avr_24.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\spam2.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais_cadre_voit_fonc_euro.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_01jan_21.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2007_03.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\9telecom\fixesappeles2.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2007_04.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_05mai_21.xls]

23:26: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\capital.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_05mai_25.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_ricom\problemeemail\configuration bal et psw neuf cegetel4.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\205_06_07juil_25.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\voiture\distancesarret.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_05.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\tmp\caleo_sce_tech\fraistecheuros.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_12dec_28.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_04avr_22.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_04avr_30.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_05mai_14.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_06juin_24.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_07juil_14.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_07juil_23.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_01jan_15.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_01jan_29.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_04avr_08.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_04avr_01.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\application data\adobe\acrobat\7.0\messages\fra\read0600win_fraadbe0700.pdf]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_08aout_19.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_08aout_27.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_06juin_04.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_08aout_05.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_02fev_12.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_07juil_20.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_09sept_10.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_12dec_17.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_01jan_15.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_01jan_29.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_02fev_09.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_03mar_07.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_04avr_08.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_05_10oc_t24.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_05mai_14.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_06juin_02.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_07juil_14.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_08aout_05.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_08aout_27.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecel_06_01jan_15.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_07_03mar_10.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\_w7.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_05mai_04.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_11.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\en4.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_12dec_17.xls]

23:25: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_07_02fev_11.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_03mar_10.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_04.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_08.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_10.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_11.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2005_12.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_01.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_02fev_11.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_12dec_29.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_03.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_04.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_07_01jan_21.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_06.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_07.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_11nov_17.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais_cadre_euro06_02fev_20.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\activités caléo electronique\activité globale 2006.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\_excel_model_fr.xls]

23:24: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2007_06.xls]

23:23: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_didier\frais\frais2006_12.xls]

23:23: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\appartavhugo\relevecompteuredf.xls]

23:23: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\finances\impotrevenu2005_3.xls]

23:23: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_07_04avr_11.xls]

23:23: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_04avr_11.xls]

23:23: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_04avr_30.xls]

23:22: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_09sept_30.xls]

23:22: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_ricom\mot_de_passe\configurationoutlook2003didier.xls]

23:22: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\z_ricom\mot_de_passe\configuration bal et psw.xls]

23:22: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\chrono.xls]

23:22: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]

23:22: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_12dec_17.xls]

23:22: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\software.log]

23:21: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_06_12dec_31.xls]

23:21: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\divers\chgtdomicile2.xls]

23:21: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\ccca.xls]

23:21: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\9telecom\fixesappeles.xls]

23:21: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\_w6.xls]

23:21: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_07_07juil_15.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\recherchelocappart\adressesemailagencesimmo.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\tmp\7500\7500uph\7500uph-smpw.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\pavillon\relevecompteurs.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecb_07_07juil_15.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\appartavhugo\appartavhugo.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\ordinateur\o2\_excel_model_fr.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\speleo\tel.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_02fev_06.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_04avr_01.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\application data\adobe\acrobat\6.0\messages\enu\read0600win_enuyhoo0014u.pdf]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_03mar_25.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_04avr_22.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_04avr_30.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_06juin_24.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_07juil_23.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_08aout_19.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_09sept_23.xls]

23:20: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\utilisateur\mes documents\perso\creditagricole\creditagridcolecc_06_10oct_06.xls]

23:20: Starting File Sweep

23:20: Cookie Sweep Complete, Elapsed Time: 00:00:00

23:20: cookies.txt (ID = 3717)

23:20: Found Spy Cookie: xiti cookie

23:20: Starting Cookie Sweep

23:20: Registry Sweep Complete, Elapsed Time:00:00:56

23:20: HKU\S-1-5-21-772277066-1402876303-2549009317-1005\software\microsoft\windows\currentversion\ext\stats\{ae18da4e-be15-4925-81bb-890c04af0200}\ (ID = 1861072)

23:20: HKU\S-1-5-21-772277066-1402876303-2549009317-1005\software\microsoft\windows\currentversion\ext\stats\{96ebbe6a-2864-4345-b32b-26ee9be524b5}\ (ID = 1858030)

23:20: HKU\WRSS_Profile_S-1-5-21-772277066-1402876303-2549009317-1007\software\microsoft\windows\currentversion\ext\stats\{ae18da4e-be15-4925-81bb-890c04af0200}\ (ID = 1861072)

23:20: HKLM\software\win32crc_serv\ (ID = 2394591)

23:20: Found Trojan Horse: trojan-backdoor-goldun

23:20: HKLM\software\microsoft\windows\currentversion\uninstall\safety alert 2006\ (ID = 1853881)

23:20: Found Trojan Horse: trojan-downloader-zlob

23:20: Memory Sweep Complete, Elapsed Time: 00:00:00

23:20: Starting Registry Sweep

23:19: Starting Memory Sweep

23:19: Sweep initiated using definitions version 954

23:19: Spy Sweeper 5.5.1.3356 started

23:19: | Start of Session, jeudi 26 juillet 2007 |

***************

23:16: Program Version 5.5.1.3356 Using Spyware Definitions 954

23:16: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 26/07/2007 01:45:42 (GMT)

23:15: Spy Sweeper 5.5.1.3356 started

23:15: | Start of Session, jeudi 26 juillet 2007 |

***************

21:55: Program Version 5.5.1.3356 Using Spyware Definitions 954

21:55: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 26/07/2007 01:45:42 (GMT)

21:55: Spy Sweeper 5.5.1.3356 started

21:55: | Start of Session, jeudi 26 juillet 2007 |

***************

22:47: Traces Found: 10

22:47: Full Sweep has completed. Elapsed time 00:43:19

22:47: File Sweep Complete, Elapsed Time: 00:42:00

22:14: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

22:14: Warning: Failed to open file "c:\documents and settings\utilisateur\local settings\temp\~dfa3ec.tmp". Opération réussie

22:14: Warning: Failed to open file "c:\documents and settings\utilisateur\local settings\temp\~df99ba.tmp". Opération réussie

22:05: Starting File Sweep

22:05: Cookie Sweep Complete, Elapsed Time: 00:00:00

22:05: cookies.txt (ID = 3717)

22:05: utilisateur@xiti[1].txt (ID = 3717)

22:05: Found Spy Cookie: xiti cookie

22:05: utilisateur@iv2.bluestreak[1].txt (ID = 2315)

22:05: utilisateur@bluestreak[1].txt (ID = 2314)

22:05: Found Spy Cookie: bluestreak cookie

22:05: utilisateur@2o7[2].txt (ID = 1957)

22:05: Found Spy Cookie: 2o7.net cookie

22:05: Starting Cookie Sweep

22:05: Registry Sweep Complete, Elapsed Time:00:01:16

22:05: HKU\S-1-5-21-772277066-1402876303-2549009317-1005\software\microsoft\windows\currentversion\ext\stats\{ae18da4e-be15-4925-81bb-890c04af0200}\ (ID = 1861072)

22:05: HKU\S-1-5-21-772277066-1402876303-2549009317-1005\software\microsoft\windows\currentversion\ext\stats\{96ebbe6a-2864-4345-b32b-26ee9be524b5}\ (ID = 1858030)

22:05: HKU\WRSS_Profile_S-1-5-21-772277066-1402876303-2549009317-1007\software\microsoft\windows\currentversion\ext\stats\{ae18da4e-be15-4925-81bb-890c04af0200}\ (ID = 1861072)

22:05: HKLM\software\win32crc_serv\ (ID = 2394591)

22:05: Found Trojan Horse: trojan-backdoor-goldun

22:05: HKLM\software\microsoft\windows\currentversion\uninstall\safety alert 2006\ (ID = 1853881)

22:05: Found Trojan Horse: trojan-downloader-zlob

22:05: Memory Sweep Complete, Elapsed Time: 00:00:00

22:05: Starting Registry Sweep

22:04: Starting Memory Sweep

22:04: Sweep initiated using definitions version 954

22:04: Spy Sweeper 5.5.1.3356 started

22:04: | Start of Session, jeudi 26 juillet 2007 |

***************

23:07: ApplicationMinimized - EXIT

23:07: ApplicationMinimized - ENTER

Keylogger: Off

E-mail Attachment: On

23:02: Informational: ShieldEmail: Start monitoring port 25 for mail activities

23:02: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

23:02: Shield States

23:02: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 26/07/2007 01:45:42 (GMT)

23:02: Spyware Definitions: 954

23:02: Spy Sweeper 5.5.1.3356 started

23:02: Spy Sweeper 5.5.1.3356 started

23:02: | Start of Session, jeudi 26 juillet 2007 |

***************

23:10: Warning: DoInject :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe

23:09: ApplicationMinimized - EXIT

23:09: ApplicationMinimized - ENTER

23:08: Informational: ShieldEmail: Start monitoring port 25 for mail activities

Keylogger: Off

E-mail Attachment: On

23:08: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

23:08: Shield States

23:08: Spyware Definitions: 954

23:08: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 26/07/2007 01:45:42 (GMT)

23:08: Spy Sweeper 5.5.1.3356 started

23:08: Spy Sweeper 5.5.1.3356 started

23:08: | Start of Session, jeudi 26 juillet 2007 |

***************

 

HIJACKTHIS REPORT:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:08:12, on 27/07/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spamihilator\spamihilator.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SWEEPER.EXE

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\Program Files\NettGain1200 Client\NGSpawner.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\NettGain1200 Client\NettGain1200_C.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = MSPROXY.WG.KNS.COM:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"

O4 - HKLM\..\Run: [scanSoft PDF Professional 3.0-reminder] "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Professional\3\Ereg\ereg.ini"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [internet Sweeper] C:\WINDOWS\system32\SWEEPER.EXE /Q

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NettGain1200 Client.lnk = C:\Program Files\NettGain1200 Client\NGSpawner.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.impots.gouv.fr

O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183764526750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183812218640

O17 - HKLM\System\CCS\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{46F82690-4DCD-404E-AB65-95AD06EEDB66}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D109BC7-B46C-4175-ADA0-0CB10C6BF3EE}: Domain = caleo.fr

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D109BC7-B46C-4175-ADA0-0CB10C6BF3EE}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{97C247AD-A810-46B8-B09B-B28B93803557}: NameServer = 210.48.65.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O17 - HKLM\System\CS1\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O17 - HKLM\System\CS2\Services\Tcpip\..\{161C71A5-6D5D-479D-BBDB-766C833263CC}: NameServer = 210.48.65.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 213.203.124.147,212.30.96.123

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

 

End

Posted

Hello,

I removed the NetGain1200 Client software.

See the Kaspersky report below.

The infected file perfc000.dat came back. This time it placed itself in C:\Avenger. I deleted that directory, which contained only the file perfc000.dat.

The Windows updates still won't install.

What is C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}? Is it a system restore point?

Thanks, Didier

KASPERSKY REPORT:

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, July 28, 2007 10:09:32 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 28/07/2007

Kaspersky Anti-Virus database records: 346230

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

 

Scan Statistics:

Total number of scanned objects: 93487

Number of viruses found: 5

Number of infected objects: 6 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:55:13

 

Infected Object Name / Virus Name / Last Action

C:\Avenger\perfc000.dat Infected: Backdoor.Win32.Small.os skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_DIDIER3.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_DIDIER3.log Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\utilisateur\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\utilisateur\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped

C:\Documents and Settings\utilisateur\Application Data\Spamihilator\SPAEC8.tmp.log Object is locked skipped

C:\Documents and Settings\utilisateur\Application Data\Spamihilator\SPAEC9.tmp.log Object is locked skipped

C:\Documents and Settings\utilisateur\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\Perflib_Perfdata_44c.dat Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF1171.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF2B15.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF2D1F.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF92.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~DFA83A.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~WRF0000.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temp\~WRS2701.tmp Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\utilisateur\Mes documents\Perso\Zebulon\Zebulon14.doc Object is locked skipped

C:\Documents and Settings\utilisateur\Mes documents\Perso\Zebulon\Zebulon14R.doc Object is locked skipped

C:\Documents and Settings\utilisateur\ntuser.dat Object is locked skipped

C:\Documents and Settings\utilisateur\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Sierra Wireless Inc\Watcher\SwiCardDetect.txt Object is locked skipped

C:\Program Files\SPYWAREfighter\spf.dat Object is locked skipped

C:\Program Files\SPYWAREfighter\spf.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP19\A0014002.exe Infected: Trojan.Win32.Pakes.aj skipped

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP49\A0025567.exe Infected: Trojan.Win32.Agent.aia skipped

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP49\A0025568.exe Infected: Trojan.Win32.Agent.aia skipped

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP68\A0035187.sys Infected: Rootkit.Win32.Agent.ey skipped

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP68\A0035194.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped

C:\System Volume Information\_restore{087F157E-23FB-4616-898C-D065FEFCA634}\RP71\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{F5B666EA-94FA-4079-86A6-2D8FC3C38BC8}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

 

END OF KASPERSKY REPORT

Posted

Hi!

Indeed, those are restore points that are infected:

Do this:

- Create a restore point and delete the old ones! (visual aid: http://assiste.free.fr/p/comment/comment_a...stauration.html )

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives".

Click Apply.

As the message says, this will delete all existing restore points. To do that, click Yes.

Click OK and restart the PC. Then do the reverse and turn System Restore back on: a new restore point will be created automatically.

For your update problem, try this:

Updating the system:

I strongly advise you to update your system!

(Start/Windows Update)

Updating your system will fix all the security holes used by viruses and other malware!

To set it to automatic, do this:

Start > Run, type Services.msc, then OK

Choose the "Extended" view (tabs at the bottom)

Using the scroll bar (on the right), look for the following service:

Automatic Updates

When you have found the service, point to it and double-click (left button).

In the window that appears, on the General tab, click the Start button,

then open the Startup type drop-down and change it to Automatic

Click Apply, then OK

Run the online scan again to check.

See you.
