Posted

Hello,

I think my PC has been infected by: Boot\BCD.LOG and, following that, I ran several scans, whose reports are ready to be analysed.

So, if someone is available to analyse them, I will be glad to forward these reports.

- Antivir scan

- NOD32 scan

- HijackThis scan

- HijackThis StartupList scan

Thank you for any help you can give me.

Posted (edited)

Hello,

Thank you for your help:

- report of 18 January 2009

- report of 18 January 2009 - NOD32

Scan Log

Version of virus signature database: 3774 (20090117)

Date: 2009-01-17 Time: 22:37:13

Scanned disks, folders and files: C:\;D:\


C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\296115A7-0000000C.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\30861BCF-00000002.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\34AC246C-00000008.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\39B32D12-0000000D.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\3C631CCB-00000007.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\3EB37772-0000000A.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\40F5678C-00000004.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\43377C6C-00000003.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\46ED025B-00000009.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\4AE13D6C-0000000E.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\5CDB3BA7-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\RECUP\6DC118DD-00000009.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\RECUP\71C9339B-00000036.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\00294823-00000002.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\12F577DA-00000005.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\564F0877-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\5F0331B9-00000004.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\5F1A1249-00000003.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\666708F3-00000006.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\049B5813-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Cookies\utilisateur@blogs.msdn[1].txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Cookies\utilisateur@www.costco[2].txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Cookies\utilisateur@www.guwiv[1].txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Cookies\utilisateur@www.investirdanslenfance[1].txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Desktop\ccsetup215.exe » NSIS » ytb.exe » NSIS » file.bin - error - unknown compression method

C:\Users\Utilisateur\Desktop\ccsetup215.exe » NSIS » ytb.exe » NSIS » file.bin - error - unknown compression method

C:\Users\Utilisateur\Desktop\ccsetup215.exe » NSIS » ytb.exe » NSIS » file.bin » NSIS » file.bin - error - unknown compression method

C:\Users\Utilisateur\Desktop\ccsetup215.exe » NSIS » ytb.exe » NSIS » file.bin » NSIS » file.bin - error - unknown compression method

C:\Users\Utilisateur\Documents\Palm OS Desktop\gilber\Addit\BFUploads\UploadLog.txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Downloads\Sim City Société\NoCD\rld-sssc.7z » 7ZIP » - error reading archive

C:\Users\Utilisateur\Music\chiao bella rose.mp3 - WMA/TrojanDownloader.GetCodec.C trojan - cleaned by deleting - quarantined [1]

C:\Users\Utilisateur\Music\ne le dis peronne.mp3 - WMA/TrojanDownloader.GetCodec.C trojan - cleaned by deleting - quarantined [1]

C:\Users\Utilisateur\Pictures\Divers\rose.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\bonneannee01.zip » ZIP » bonneannee01.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel02.zip » ZIP » noel02.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel08.zip » ZIP » noel08.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel18.zip » ZIP » noel18.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel20.zip » ZIP » noel20.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noelmm02.zip » ZIP » noelmm02.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\bonneannee01\bonneannee01.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel02\noel02.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel08\noel08.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel18\noel18.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel20\noel20.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noelmm02\noelmm02.eml » MIME - is OK (internal scanning not performed)

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - error opening [4]

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - error opening [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - error opening [4]

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - error opening [4]

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening [4]

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening [4]

C:\Windows\System32\catroot2\edb.log - error opening [4]

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]

C:\Windows\System32\config\COMPONENTS - error opening [4]

C:\Windows\System32\config\COMPONENTS.LOG1 - error opening [4]

C:\Windows\System32\config\COMPONENTS.LOG2 - error opening [4]

C:\Windows\System32\config\DEFAULT - error opening [4]

C:\Windows\System32\config\DEFAULT.LOG1 - error opening [4]

C:\Windows\System32\config\DEFAULT.LOG2 - error opening [4]

C:\Windows\System32\config\SAM - error opening [4]

C:\Windows\System32\config\SAM.LOG1 - error opening [4]

C:\Windows\System32\config\SAM.LOG2 - error opening [4]

C:\Windows\System32\config\SECURITY - error opening [4]

C:\Windows\System32\config\SECURITY.LOG1 - error opening [4]

C:\Windows\System32\config\SECURITY.LOG2 - error opening [4]

C:\Windows\System32\config\SOFTWARE - error opening [4]

C:\Windows\System32\config\SOFTWARE.LOG1 - error opening [4]

C:\Windows\System32\config\SOFTWARE.LOG2 - error opening [4]

C:\Windows\System32\config\SYSTEM - error opening [4]

C:\Windows\System32\config\SYSTEM.LOG1 - error opening [4]

C:\Windows\System32\config\SYSTEM.LOG2 - error opening [4]

C:\Windows\System32\config\RegBack\COMPONENTS - error opening [4]

C:\Windows\System32\config\RegBack\DEFAULT - error opening [4]

C:\Windows\System32\config\RegBack\SAM - error opening [4]

C:\Windows\System32\config\RegBack\SECURITY - error opening [4]

C:\Windows\System32\config\RegBack\SOFTWARE - error opening [4]

C:\Windows\System32\config\RegBack\SYSTEM - error opening [4]

C:\Windows\System32\config\systemprofile\ntuser.dat - error opening [4]

C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 - error opening [4]

C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2 - error opening [4]

C:\Windows\System32\GroupPolicyManifest\1.music.mp3 - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined

C:\Windows\System32\GroupPolicyManifest\10.setup.zip » ZIP » setup.exe - a variant of Win32/Agent.OAF trojan - was a part of the deleted object

C:\Windows\System32\GroupPolicyManifest\11.unpack.zip » ZIP » unpack.exe - a variant of Win32/Agent.OAF trojan - was a part of the deleted object

C:\Windows\System32\GroupPolicyManifest\12.limepro.zip » ZIP » lime_pro_xmas_gift.exe - a variant of Win32/Agent.OAF trojan - was a part of the deleted object

C:\Windows\System32\GroupPolicyManifest\13.keygen.zip » ZIP » keygen.exe - a variant of Win32/Agent.OAF trojan - was a part of the deleted object

C:\Windows\System32\GroupPolicyManifest\2.crack.zip » ZIP » crack.exe - a variant of Win32/Agent.OAF trojan - was a part of the deleted object

C:\Windows\System32\GroupPolicyManifest\8.mpgvideo.mpg - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined

C:\Windows\System32\GroupPolicyManifest\9.remix.mp3 - a variant of WMA/TrojanDownloader.GetCodec.gen trojan - cleaned - quarantined

C:\Windows\System32\it-IT\license_addendum_1.txt » MIME - is OK (internal scanning not performed)

C:\Windows\System32\SMI\Store\Machine\schema.dat - error opening [4]

C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 - error opening [4]

C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 - error opening [4]

C:\Windows\Temp\TMP0000006D5139C15555AF9AD8 - error opening [4]

C:\Windows\winsxs\x86_microsoft-windows-l..-addendum.resources_31bf3856ad364e35_6.0.6001.18000_it-it_feeb11696cd59838\license_addendum_1.txt » MIME - is OK (internal scanning not performed)

D:\Nokia N810 Backup\Sauvegarde04\settings.zip » ZIP » Root/home/user/.mozilla/microb/extensions/components-installer@extensions.mozilla.org/chrome.manifest » MIME - is OK (internal scanning not performed)

D:\Nokia N810 Backup\Sauvegarde05\settings.zip » ZIP » Root/home/user/.osso/tutorial/tutorial/extensions/components-installer@extensions.mozilla.org/chrome.manifest » MIME - is OK (internal scanning not performed)

D:\Nokia N810 Backup\Sauvegarde05\settings.zip » ZIP » Root/home/user/.mozilla/microb/extensions/components-installer@extensions.mozilla.org/chrome.manifest » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Jeux\Mahjongg\kitbois.exe » NSIS - bad archive

D:\Old Ordi Lynn Nov 2007\Archives_Line\Jeux\Mahjongg\kitgrandmonde.exe » NSIS - bad archive

D:\Old Ordi Lynn Nov 2007\Archives_Line\Jeux\Mahjongg\kitmodern.exe » NSIS - bad archive

D:\Old Ordi Lynn Nov 2007\Archives_Line\Jeux\Mahjongg\mahjongg.exe » NSIS - bad archive

D:\Old Ordi Lynn Nov 2007\Archives_Line\Logiciels Divers\Change Folder Icone\new-xp-folders.zip » ZIP » new xp folders.icl - archive damaged

D:\Old Ordi Lynn Nov 2007\Archives_Line\Logiciels Divers\PhotoFiltre\pf-setup.exe » NSIS » Licence.txt » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Logiciels Divers\SoftNotes2005\softnote2005.zip » ZIP » Licence.txt » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Logiciels Divers\SoftNotes2005\softnote2005\Licence.txt » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\chevaux.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\dame03.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\bonneannee01.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noel02.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noel08.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noel18.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noelch07.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noelch09.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noelch12.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noelmm02.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\Papier à lettre2\Noel\noelmm03.eml » MIME - is OK (internal scanning not performed)

D:\Old Ordi Lynn Nov 2007\Archives_Line\PC Jeux et Patch\City_Life\Pack1\City Life_BonusPack1.zip » ZIP » Exporter/City_Life_Building_Exporter.zip » ZIP » Viewer-Exporter_Max_7_2.031.exe » NSIS - bad archive

Number of scanned objects: 938107

Number of threats found: 10

Number of cleaned objects: 10

Time of completion: 00:30:40 Total scanning time: 6807 sec (01:53:27)

 

Notes:

[1] Object has been deleted as it only contained the virus body.

[4] Object cannot be opened. It may be in use by another application or operating system.

 

- report of 19 January 2009

C:\hiberfil.sys - error opening

C:\pagefile.sys - error opening

C:\$Recycle.Bin\S-1-5-21-1252441417-251962935-3020102017-1003\$R1T1CK1.exe » NSIS » ytb.exe » NSIS » file.bin - error - unknown compression method

C:\$Recycle.Bin\S-1-5-21-1252441417-251962935-3020102017-1003\$R1T1CK1.exe » NSIS » ytb.exe » NSIS » file.bin - error - unknown compression method

C:\$Recycle.Bin\S-1-5-21-1252441417-251962935-3020102017-1003\$R1T1CK1.exe » NSIS » ytb.exe » NSIS » file.bin » NSIS » file.bin - error - unknown compression method

C:\$Recycle.Bin\S-1-5-21-1252441417-251962935-3020102017-1003\$R1T1CK1.exe » NSIS » ytb.exe » NSIS » file.bin » NSIS » file.bin - error - unknown compression method

C:\Program Files\AGEIA Technologies\NVIDIA_PhysX_Help.mht » MIME - is OK (internal scanning not performed)

C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\ESP\license.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\PTB\license.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\ci.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\dig4x6.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\digbord.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\diggrey.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\fls30nmg.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\fls_digs.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\lbcul.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\letbord.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\letgrey.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\mp5x7e_c.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\mpletb_e.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\s.sqr » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\spchand.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Evernote\Evernote3\AIR\FieldScript\Data\spcmach.lnt » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)

C:\Program Files\Logitech\Logitech Harmony Remote Software 7\gre\chrome\chromelist.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Logitech\Logitech Harmony Remote Software 7\gre\chrome\installed-chrome.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Logitech\Logitech Harmony Remote Software 7\lib\client.jar » ZIP » comm.properties » MIME - is OK (internal scanning not performed)

C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\ESP\license.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\PTB\license.txt » MIME - is OK (internal scanning not performed)

C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero 7\Core\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)

C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img » GZIP » - archive damaged

C:\Program Files\Palm\gilber\Addit\BFUploads\UploadLog.txt » MIME - is OK (internal scanning not performed)

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\174f09036dea1ef9ee13e604a7a471e3_febbba4b-de0f-4222-93b7-221f09bbc611 - error opening

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5bc7686c458a661df8425015392f5fb3_febbba4b-de0f-4222-93b7-221f09bbc611 - error opening

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening

C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\174f09036dea1ef9ee13e604a7a471e3_febbba4b-de0f-4222-93b7-221f09bbc611 - error opening

C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5bc7686c458a661df8425015392f5fb3_febbba4b-de0f-4222-93b7-221f09bbc611 - error opening

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening

C:\Users\Utilisateur\NTUSER.DAT - error opening

C:\Users\Utilisateur\ntuser.dat.LOG1 - error opening

C:\Users\Utilisateur\ntuser.dat.LOG2 - error opening

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Defender\FileTracker\{410AD257-713B-4900-AEC9-E1956D47955A} - error opening

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Deleted Items\111670F9-00000160.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Deleted Items\115E3BB5-0000015E.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Deleted Items\74241B1A-0000015F.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Inbox\00294823-00000161.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Inbox\18BE6784-00000162.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Inbox\4AE13D6C-0000005B.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Inbox\4AE13D6C-000000C9.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Inbox\60686C0F-0000015F.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Inbox\66542176-00000163.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\00294823-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\00294823-00000003.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\00294823-00000004.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\00294823-00000007.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\23B972CD-00000006.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\4AE13D6C-00000002.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\4AE13D6C-00000008.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Globetrotte a8f\Sent Items\69525F90-00000005.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\00F61D0A-00000006.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\091D4E9D-00000005.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\16CE6321-0000000B.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\296115A7-0000000C.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\30861BCF-00000002.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\34AC246C-00000008.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\39B32D12-0000000D.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\3C631CCB-00000007.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\3EB37772-0000000A.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\40F5678C-00000004.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\43377C6C-00000003.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\46ED025B-00000009.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\4AE13D6C-0000000E.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (in e51\Éléments en f3e\5CDB3BA7-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\RECUP\6DC118DD-00000009.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\RECUP\71C9339B-00000036.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\00294823-00000002.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\12F577DA-00000005.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\564F0877-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\5F0331B9-00000004.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\5F1A1249-00000003.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Hotmail (mi 73a\Éléments en ae1\666708F3-00000006.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\049B5813-00000001.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Cookies\utilisateur@www.guwiv[2].txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Documents\Palm OS Desktop\gilber\Addit\BFUploads\UploadLog.txt » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Downloads\Sim City Société\NoCD\rld-sssc.7z » 7ZIP » - error reading archive

C:\Users\Utilisateur\Pictures\Divers\rose.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\bonneannee01.zip » ZIP » bonneannee01.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel02.zip » ZIP » noel02.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel08.zip » ZIP » noel08.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel18.zip » ZIP » noel18.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel20.zip » ZIP » noel20.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noelmm02.zip » ZIP » noelmm02.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\bonneannee01\bonneannee01.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel02\noel02.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel08\noel08.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel18\noel18.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noel20\noel20.eml » MIME - is OK (internal scanning not performed)

C:\Users\Utilisateur\Pictures\Themes\Noel\noelmm02\noelmm02.eml » MIME - is OK (internal scanning not performed)

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - error opening

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - error opening

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - error opening

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - error opening

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening

C:\Windows\System32\catroot2\edb.log - error opening

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening

C:\Windows\System32\config\COMPONENTS - error opening

C:\Windows\System32\config\COMPONENTS.LOG1 - error opening

C:\Windows\System32\config\COMPONENTS.LOG2 - error opening

C:\Windows\System32\config\DEFAULT - error opening

C:\Windows\System32\config\DEFAULT.LOG1 - error opening

C:\Windows\System32\config\DEFAULT.LOG2 - error opening

C:\Windows\System32\config\SAM - error opening

C:\Windows\System32\config\SAM.LOG1 - error opening

C:\Windows\System32\config\SAM.LOG2 - error opening

C:\Windows\System32\config\SECURITY - error opening

C:\Windows\System32\config\SECURITY.LOG1 - error opening

C:\Windows\System32\config\SECURITY.LOG2 - error opening

C:\Windows\System32\config\SOFTWARE - error opening

C:\Windows\System32\config\SOFTWARE.LOG1 - error opening

C:\Windows\System32\config\SOFTWARE.LOG2 - error opening

C:\Windows\System32\config\SYSTEM - error opening

C:\Windows\System32\config\SYSTEM.LOG1 - error opening

C:\Windows\System32\config\SYSTEM.LOG2 - error opening

C:\Windows\System32\config\RegBack\COMPONENTS - error opening

C:\Windows\System32\config\RegBack\DEFAULT - error opening

C:\Windows\System32\config\RegBack\SAM - error opening

C:\Windows\System32\config\RegBack\SECURITY - error opening

C:\Windows\System32\config\RegBack\SOFTWARE - error opening

C:\Windows\System32\config\RegBack\SYSTEM - error opening

C:\Windows\System32\it-IT\license_addendum_1.txt » MIME - is OK (internal scanning not performed)

C:\Windows\Temp\TMP0000003B491D05DF18862CD3 - error opening

C:\Windows\winsxs\x86_microsoft-windows-l..-addendum.resources_31bf3856ad364e35_6.0.6001.18000_it-it_feeb11696cd59838\license_addendum_1.txt » MIME - is OK (internal scanning not performed)

 

- ANTIVIR report, 20 January 2009

 

 

Avira AntiVir Personal

Report file date: 19 janvier 2009 20:28

 

Scanning for 1230368 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista

Windows version: (Service Pack 1) [6.0.6001]

Boot mode: Normally booted

Username: Utilisateur

Computer name: PC-DE-IMPOTRIM

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 14:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 17:30:36

ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 2009-01-14 01:01:16

ANTIVIR2.VDF : 7.1.1.114 2048 Bytes 2009-01-14 01:01:17

ANTIVIR3.VDF : 7.1.1.142 385024 Bytes 2009-01-19 01:01:18

Engineversion : 8.2.0.57

AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 16:05:56

AESCRIPT.DLL : 8.1.1.26 340347 Bytes 2009-01-20 01:01:26

AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-07 21:06:41

AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 19:58:38

AEPACK.DLL : 8.1.3.5 393588 Bytes 2009-01-20 01:01:25

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2009-01-20 01:01:24

AEHEUR.DLL : 8.1.0.84 1540471 Bytes 2009-01-20 01:01:22

AEHELP.DLL : 8.1.2.0 119159 Bytes 2009-01-20 01:01:20

AEGEN.DLL : 8.1.1.10 323957 Bytes 2009-01-20 01:01:19

AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 16:05:56

AECORE.DLL : 8.1.5.2 172405 Bytes 2009-01-20 01:01:18

AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 16:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 18:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, F:, G:, H:, I:, E:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: 19 janvier 2009 20:28

 

Starting search for hidden objects.

'355125' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'java.exe' - '1' Module(s) have been scanned

Scan process 'jp2launcher.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned

Scan process 'mobsync.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned

Scan process 'ekrn.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'COCIManager.exe' - '1' Module(s) have been scanned

Scan process 'slpcap.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'Hotsync.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'sidebar.exe' - '1' Module(s) have been scanned

Scan process 'LVComSX.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'egui.exe' - '1' Module(s) have been scanned

Scan process 'ipoint.exe' - '1' Module(s) have been scanned

Scan process 'itype.exe' - '1' Module(s) have been scanned

Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned

Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned

Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

67 processes with 67 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

[INFO] Please restart the search with Administrator rights

Master boot sector HD3

[INFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

[INFO] Please restart the search with Administrator rights

Master boot sector HD4

[INFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

[INFO] Please restart the search with Administrator rights

Master boot sector HD5

[INFO] No virus was found!

[WARNING] System error [21]: Le périphérique n'est pas prêt.

[INFO] Please restart the search with Administrator rights

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[INFO] In the drive 'G:\' no data medium is inserted!

Boot sector 'H:\'

[INFO] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[INFO] In the drive 'I:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '53' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Vista_Ultimate_F>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\$Recycle.Bin\S-1-5-21-1252441417-251962935-3020102017-1003\$RYDEQE0\nocd v1.0\rev-baco.rar

[0] Archive type: RAR

--> Crack\BuildingAndCo.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '49eb2fdb.qua'!

C:\Windows\System32\ACB.tmp

[DETECTION] Is the TR/Dldr.Agent.bdf Trojan

[NOTE] The file was moved to '49b7377f.qua'!

C:\Windows\System32\GroupPolicyManifest\1.music.mp3

[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan

[NOTE] The file was moved to '49e2395c.qua'!

C:\Windows\System32\GroupPolicyManifest\9.remix.mp3

[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan

[NOTE] The file was moved to '49e73dfc.qua'!

Begin scan in 'D:\' <Data _line>

D:\Old Ordi Lynn Nov 2007\Archives_Line\PC Jeux et Patch\RCT2WackyWorld\NoCD_RCT2WW\flt-r2ww.rar

[0] Archive type: RAR

--> Rct2.exe

[DETECTION] Is the TR/Dloader.EJIX Trojan

[WARNING] The file was ignored!

D:\Old Ordi Lynn Nov 2007\Archives_Line\PC Jeux et Patch\RCT2WackyWorld\NoCD_RCT2WW\flt-r2ww\Rct2.exe

[DETECTION] Is the TR/Dloader.EJIX Trojan

[WARNING] The file was ignored!

D:\Transport Giant\NOV 2007 - TrGiant - index\TG config et mod Versions\TG config et mod Original\TG-MOD030.exe

[0] Archive type: CAB SFX (self extracting)

--> \config\1_citynames.TXT

[WARNING] No further files can be extracted from this archive. The archive will be closed

Begin scan in 'F:\'

Search path F:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'G:\'

Search path G:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'H:\'

Search path H:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'I:\'

Search path I:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

Begin scan in 'E:\'

Search path E:\ could not be opened!

System error [21]: Le périphérique n'est pas prêt.

 

 

End of the scan: 19 janvier 2009 22:55

Used time: 2:27:06 Hour(s)

 

The scan has been done completely.

 

82356 Scanning directories

867065 Files were scanned

6 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

867057 Files not concerned

5795 Archives were scanned

9 Warnings

4 Notes

355125 Objects were scanned with rootkit scan

0 Hidden objects were found

 

- hijackthis.log report, 20 January 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:16, on 2009-01-20

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Palm\Hotsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.6\slpcap.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\System32\mobsync.exe

C:\Users\Utilisateur\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radio-canada.ca/nouvelles/national/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SmartCapture.lnk = C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.6\slpcap.exe

O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O13 - Gopher Prefix:

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

 

--

End of file - 8347 bytes

 

 

- HijackThis StartupList report, 20 January 2009

StartupList report, 2009-01-20, 10:58:30

StartupList version: 1.52.2

Started from : C:\Users\Utilisateur\Desktop\HiJackThis.EXE

Detected: Windows Vista SP1 (WinNT 6.00.1905)

Detected: Internet Explorer v7.00 (7.00.6001.18000)

* Using default options

==================================================

 

Running processes:

 

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Palm\Hotsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.6\slpcap.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\System32\mobsync.exe

C:\Users\Utilisateur\Desktop\HiJackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]

Palm Registration.lnk = C:\Program Files\Palm\register.exe

 

Shell folders Common Startup:

[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]

HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

SmartCapture.lnk = C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.6\slpcap.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\Windows\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

LogitechCommunicationsManager = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

itype = "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"

avgnt = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

ehTray.exe = C:\Windows\ehome\ehTray.exe

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

=

 

--------------------------------------------------

 

Shell & screensaver key from C:\Windows\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=explorer.exe

SCRNSAVE.EXE=C:\Windows\system32\logon.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}

(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Shockwave ActiveX Control]

InProcServer32 = C:\Windows\system32\Adobe\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[ExentInf Class]

InProcServer32 = C:\Windows\Downloaded Program Files\ExentCtl.ocx

 

[{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}]

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\Windows\system32\NLAapi.dll

NameSpace #2: C:\Windows\system32\napinsp.dll

NameSpace #3: C:\Windows\system32\pnrpnsp.dll

NameSpace #4: C:\Windows\system32\pnrpnsp.dll

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\Windows\system32\webcheck.dll

 

--------------------------------------------------

End of report, 7 391 bytes

Report generated in 0,062 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

............

 

Additional question: - Antivir detected these files and I put them in quarantine; can I delete them:

C:\Windows\System32\ACB.tmp

[DETECTION] Is the TR/Dldr.Agent.bdf Trojan

[NOTE] The file was moved to '49b7377f.qua'!

C:\Windows\System32\GroupPolicyManifest\1.music.mp3

[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan

[NOTE] The file was moved to '49e2395c.qua'!

C:\Windows\System32\GroupPolicyManifest\9.remix.mp3

[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan

[NOTE] The file was moved to '49e73dfc.qua'

 

Thank you in advance for your help,

Edited by amazone
Posted

Hello,

 

First of all, please excuse me for not having seen your reply.

 

Antivir detected these files and I put them in quarantine; can I delete them:

Yes.

There is no trace of other infections.

You have 2 resident antivirus programs (active in the background). If you keep both, you need to disable one of them.
