Hi everyone!

I'm back, but this time on my dad's PC (happy Father's Day!). No major problem, I just want to know whether there's too much crap on it after the wild visits from the little nephews who download anything and everything! I ran a quick scan with AntiVir in safe mode and made a quick log with HijackThis! Just to find out whether anything looks wrong on it. There's also a problem with the webcam, but we'll get to that a bit later. The 2 reports follow:

AntiVir PersonalEdition Classic

Report file date: samedi 17 juin 2006 17:44

 

Scanning for 409240 virus strains and unwanted programs.

 

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 1) [5.1.2600]

Username: Propriétaire

Computer name: NOM-FHA60KKNN64

 

Version informations:

AVSCAN.EXE : 7.0.0.42 376872 17/06/2006 14:49:59

AVSCAN.DLL : 7.0.0.42 53288 17/06/2006 14:49:59

LUKE.DLL : 7.0.0.42 110632 17/06/2006 14:50:01

LUKERES.DLL : 7.0.0.42 25640 17/06/2006 14:50:01

ANTIVIR0.VDF : 6.35.0.1 7371264 17/06/2006 14:49:56

ANTIVIR1.VDF : 6.35.0.5 2048 17/06/2006 14:49:57

ANTIVIR2.VDF : 6.35.0.33 173568 17/06/2006 14:49:57

ANTIVIR3.VDF : 6.35.0.42 16384 17/06/2006 14:49:57

AVEWIN32.DLL : 7.1.0.13 1536512 17/06/2006 14:49:57

AVPREF.DLL : 7.0.0.1 33832 17/06/2006 14:49:58

AVREP.DLL : 6.35.0.2 454696 17/06/2006 14:49:59

AVRPBASE.DLL : 7.0.0.0 1544232 17/06/2006 14:49:59

AVPACK32.DLL : 7.1.0.1 331816 17/06/2006 14:49:58

AVREG.DLL : 6.31.0.90 25128 17/06/2006 14:49:58

NETNT.DLL : 6.32.0.0 6696 17/06/2006 14:50:02

NETNW.DLL : 6.32.0.0 9768 17/06/2006 14:50:02

RCIMAGE.DLL : 7.0.0.71 1642536 17/06/2006 14:50:05

RCTEXT.DLL : 7.0.0.75 77864 17/06/2006 14:50:05

 

Configuration settings for the scan:

Jobname: '%s'.................: Manual Selection

Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Boot sectors..................: A,C,D,E,F

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,

Macro heuristic...............: 1

File heuristic................: 3

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: samedi 17 juin 2006 17:44

 

 

The scan over running processes will be started

12 Processes was scanned

 

Start scanning boot sectors:

 

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 36 files ).

 

 

Starting the file scan:

 

The path A:\ could not be found!

Le périphérique n'est pas prêt.

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

[WARNING] The file could not be opened!

C:\Documents and Settings\Default User\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]40.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]44.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]48.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]96.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]102.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]110.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]134.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]142.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]162.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]164.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]168.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]176.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]184.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]372.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]402.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]406.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\Documents and Settings\Default User\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust Bank <custservice_id_980620@southtru][subject: SouthTrust Bank security maintenance]26.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: andre.duval10@wanadoo.fr][subject: Re: document]28.mim

[DETECTION] Contains signature of the worm WORM/Netsky.X

[1] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.X

--> Mailbox_[From: SouthTrust Bank <custservice_578127576@southtru][subject: SouthTrust Bank - Urgent Security Notice [sat, ]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]86.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]90.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]98.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]114.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]156.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]158.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]170.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]190.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]200.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]216.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]220.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]222.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]234.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]260.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]450.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]480.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]490.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\Documents and Settings\Propriétaire\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]40.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]44.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]48.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]96.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]102.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]110.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]134.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]142.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]162.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]164.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]168.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]176.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]184.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]372.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]402.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]406.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: extincteur@hotmail.com][subject: Mail Delivery (failure w.widendaele@tiscali.fr)]416.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> message.scr

[DETECTION] Contains signature of the worm WORM/NetSky.P

--> Mailbox_[From: tmadisclaire@wanadoo.fr][subject: Mail Delivery (failure w.widendaele@tiscali.fr)]418.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> message.scr

[DETECTION] Contains signature of the worm WORM/NetSky.P

--> Mailbox_[From: support@symantec.com][subject: Re: Virus Sample]420.mim

[1] Archive type: MIME

--> signature.zip

[DETECTION] Contains signature of the worm WORM/NetSky.P

[2] Archive type: ZIP

--> details.txt .pif

[DETECTION] Contains signature of the worm WORM/NetSky.P

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]596.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: robert.dedieu@free.fr][subject: Re: Your bill]686.mim

[1] Archive type: MIME

--> your_bill.pif

[DETECTION] Contains signature of the worm WORM/Netsky.K

--> Mailbox_[From: info@adc-soft.com][subject: smtp mail failed]764.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: hostmaster@cegetel.net][subject: Mail delivery failed]772.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]782.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@presence-pc.com][subject: Mail delivery failed]786.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: postman@semimarathon-lille.com][subject: Your_Password]800.mim

[1] Archive type: MIME

--> reg_pass.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: modeste04a@infonie.fr][subject: hi,_ive_a_new_mail_address]820.mim

[1] Archive type: MIME

--> mailtext.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: info@fr.ibm.com][subject: Paris Hilton & Nicole Richie]830.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: office@wanadoo.fr][subject: Paris Hilton & Nicole Richie]858.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: Mail@fbi.gov][subject: You visit illegal websites]862.mim

[1] Archive type: MIME

--> question_list.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]864.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]880.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@freesbee.fr][subject: Mail delivery failed]890.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]892.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]910.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Alsg.jpcabret" <alsg.jpcabret@wanadoo.fr>][subject: Registration is accepted]1254.mim

[1] Archive type: MIME

--> zupd02.zip

[2] Archive type: ZIP

--> tjzxtsl.exe

[DETECTION] Contains signature of the worm WORM/Bagle.FH

--> Mailbox_[From: "VISA Service" <VisaService@visa.com>][subject: Attention! Several VISA Credit Card bases have ]1360.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]1628.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: CitiBusiness Security Staff <securitystaff@citi][subject: CitiBusiness department banking software change]1666.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

--> cblogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.A

--> citilogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.B

--> Mailbox_[From: MidAmerica Bank <pw-conf@midamerica.com>][subject: Update account information]2670.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

--> Mailbox_[From: MidAmerica Bank <aw-conf@midamerica.com>][subject: Security Measures]2674.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[WARNING] The file was ignored!

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]194.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: robert.dedieu@free.fr][subject: Re: Your bill]276.mim

[1] Archive type: MIME

--> your_bill.pif

[DETECTION] Contains signature of the worm WORM/Netsky.K

--> Mailbox_[From: info@adc-soft.com][subject: smtp mail failed]352.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: hostmaster@cegetel.net][subject: Mail delivery failed]356.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]382.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@presence-pc.com][subject: Mail delivery failed]390.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: postman@semimarathon-lille.com][subject: Your_Password]402.mim

[1] Archive type: MIME

--> reg_pass.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: modeste04a@infonie.fr][subject: hi,_ive_a_new_mail_address]416.mim

[1] Archive type: MIME

--> mailtext.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: info@fr.ibm.com][subject: Paris Hilton & Nicole Richie]422.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: office@wanadoo.fr][subject: Paris Hilton & Nicole Richie]452.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: Mail@fbi.gov][subject: You visit illegal websites]456.mim

[1] Archive type: MIME

--> question_list.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]458.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]478.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@freesbee.fr][subject: Mail delivery failed]484.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]486.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]504.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Alsg.jpcabret" <alsg.jpcabret@wanadoo.fr>][subject: Registration is accepted]874.mim

[1] Archive type: MIME

--> zupd02.zip

[2] Archive type: ZIP

--> tjzxtsl.exe

[DETECTION] Contains signature of the worm WORM/Bagle.FH

--> Mailbox_[From: "VISA Service" <VisaService@visa.com>][subject: Attention! Several VISA Credit Card bases have ]978.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]1248.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: CitiBusiness Security Staff <securitystaff@citi][subject: CitiBusiness department banking software change]1296.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

--> cblogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.A

--> citilogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.B

--> Mailbox_[From: MidAmerica Bank <pw-conf@midamerica.com>][subject: Update account information]2274.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

--> Mailbox_[From: MidAmerica Bank <aw-conf@midamerica.com>][subject: Security Measures]2306.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[WARNING] The file was ignored!

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\zipo0.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.3

[INFO] The file was deleted!

C:\WINDOWS\zipo1.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.4

[INFO] The file was deleted!

C:\WINDOWS\zipo2.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.5

[INFO] The file was deleted!

C:\WINDOWS\zipo3.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.5

[INFO] The file was deleted!

C:\WINDOWS\system32\EGDACCESS.dll

[DETECTION] Contains signature of the dial-up program DIAL/301999

[INFO] The file was deleted!

C:\WINDOWS\system32\EGDACCESS_1055.dll

[DETECTION] Contains signature of the dial-up program DIAL/61440.A

[INFO] The file was deleted!

C:\WINDOWS\system32\EGDACCESS_1057.dll

[DETECTION] Contains signature of the dial-up program DIAL/301999

[INFO] The file was deleted!

C:\WINDOWS\system32\osconfig.dll

[DETECTION] Contains signature of the SPR/MarketScode.C program

[INFO] The file was deleted!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]40.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]44.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]48.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]96.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]102.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]110.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]134.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]142.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]162.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]164.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]168.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]176.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]184.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]372.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]402.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]406.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust Bank <custservice_id_980620@southtru][subject: SouthTrust Bank security maintenance]26.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: andre.duval10@wanadoo.fr][subject: Re: document]28.mim

[DETECTION] Contains signature of the worm WORM/Netsky.X

[1] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.X

--> Mailbox_[From: SouthTrust Bank <custservice_578127576@southtru][subject: SouthTrust Bank - Urgent Security Notice [sat, ]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]86.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]90.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]98.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]114.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]156.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]158.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]170.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]190.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]200.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]216.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]220.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]222.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]234.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]260.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]450.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]480.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]490.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

[DETECTION] Contains suspicious code HEUR/Trojan.Keylogger

[iNFO] The file was deleted!

The path E:\ could not be found!

Le périphérique n'est pas prêt.

 

The path F:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: samedi 17 juin 2006 21:08

Used time: 3:23:33 min

 

The scan has been done completely.

 

8168 Scanning directories

372779 Files were scanned

182 viruses and/or unwanted programs was found

9 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

24015 Archives were scanned

22 Warnings

0 Notes

 

During the scan, it came across loads of emails (THAT'S ALL THERE IS, IN FACT! LOL!!) that it couldn't repair or delete. How do I deal with them?

 

Logfile of HijackThis v1.99.1

Scan saved at 23:14:59, on 17/06/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Advanced Messenger Plus\AdvMsg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe

O4 - Global Startup: Advanced Messenger Plus.lnk = C:\Program Files\Advanced Messenger Plus\AdvMsg.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

 

Thanks in advance!

Posted

Hello wardog92!

The AntiVir log shows that the mail needs a serious clean-up!

=> Back up all the emails that are important and 100% safe, then delete everything else!!

Next, the HJT report shows that the system is not up to date and that there is no firewall! :P

We'll deal with that later!

Can you run an online scan here, please?

http://www.kaspersky.com/virusscanner

And post the report here.

Help tutorial here:

http://www.malekal.com/scan_Av_en_ligne.html

See you!

  • 4 weeks later...
Posted

Hi régis56! How's it going?

Here I am back on my father's PC. Below is the Kaspersky scan report you asked me for.

 

KASPERSKY ON-LINE SCANNER - RAPPORT

dimanche 16 juillet 2006 15:30:10

Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

Version de Kaspersky On-line Scanner: 5.0.78.0

Dernière mise à jour de la base antivirus Kaspersky : 16/07/2006

Enregistrements dans la base antivirus Kaspersky : 207694

 

 

Paramètres d'analyse

Analyser avec la base antivirus suivante étendue

Analyser les archives vrai

Analyser les bases de messagerie. vrai

 

Cible de l'analyse Poste de travail

A:\

C:\

D:\

E:\

F:\

 

Statistiques de l'analyse

Total d'objets analysés : 96413

Nombre de virus trouvés 14

Nombre d'objets infectés 143

Nombre d'objets suspects 24

Durée de l'analyse 01:26:33

 

Nom de l'objet infecté Nom du virus Dernière action

C:\Documents and Settings\Administrateur\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_clint.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Administrateur\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_htm.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Administrateur\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Administrateur\Mes documents\netant\setup.exe ZIP: infecté - 3 ignoré

 

C:\Documents and Settings\Administrateur.NOM-FHA60KKNN64\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_clint.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Administrateur.NOM-FHA60KKNN64\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_htm.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Administrateur.NOM-FHA60KKNN64\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Administrateur.NOM-FHA60KKNN64\Mes documents\netant\setup.exe ZIP: infecté - 3 ignoré

 

C:\Documents and Settings\Default User\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_clint.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Default User\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_htm.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Default User\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Default User\Mes documents\netant\setup.exe ZIP: infecté - 3 ignoré

 

C:\Documents and Settings\Invité\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_clint.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Invité\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_htm.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Invité\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Invité\Mes documents\netant\setup.exe ZIP: infecté - 3 ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Mon, 13 Jun 2005 16:02:48 +0200 (CEST)]/document.pif Infecté: Email-Worm.Win32.NetSky.y ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Mon, 20 Jun 2005 19:07:02 +0200 (CEST)]/document.pif Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlca@wanadoo.fr][Da ... /[ .. ... /[From berrard.j.jacques@wanodoo.fr][Date Wed, 22 Jun 2005 14:38:05 +020 ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlca@wanadoo.fr][Da ... /[ .. ... /[From berrard.j.jacques@wanodoo.fr][Date Wed, 22 Jun 2005 14:38:05 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-D ... /data.rtf .scr Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-DAEMON@wa ... /[From w.widendaele@tiscali.fr][Date Fri, 1 Jul 2005 19:00:11 +0200]/details.zip Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Fri, 1 Jul 2005 18:58:50 +0200 (C ... /UNNAMED Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... /[ ... ... /[From ldeseynes@aol.com][Date Wed, 6 Jul 2005 22:50:08 +020 ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... /[ ... ... /[From ldeseynes@aol.com][Date Wed, 6 Jul 2005 22:50:08 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Thu, 7 Jul 2005 16:18:04 +0200 (CEST ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Thu, 7 Jul 2005 16:18:04 +0200 (CEST)]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Thu, 7 Jul 2005 16:18:04 +0200 (CEST)]/message.scr Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... ... /[From ptit_diable@caramail.com][Date Thu, 7 Jul 2005 18:37:43 +020 ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... ... /[From ptit_diable@caramail.com][Date Thu, 7 Jul 2005 18:37:43 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... /[ . ... /[From vivipiv@hotmail.com][Date Fri, 8 Jul 2005 11:16:52 +020 ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... /[ . ... /[From vivipiv@hotmail.com][Date Fri, 8 Jul 2005 11:16:52 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... / ... /[Fro ... /[From ... /[ ... /[From chandenier@wanadoo.fr][Date Tue, 5 Jul 2005 10:29:32 +0200]/UNNAMED Infecté: Exploit.HTML.Iframe.FileDownload ignoré

 

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infecté - 30, suspect - 10 ignoré

 

C:\Documents and Settings\Propriétaire\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_clint.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Propriétaire\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE/cd_htm.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Propriétaire\Mes documents\netant\setup.exe/CD_INSTALL_268.EXE Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\Documents and Settings\Propriétaire\Mes documents\netant\setup.exe ZIP: infecté - 3 ignoré

 

C:\hp\bin\KillWind.exe Infecté: not-a-virus:RiskTool.Win32.PsKill.p ignoré

 

C:\hp\region\FR_FR-ie.reg Infecté: Trojan.WinREG.StartPage ignoré

 

C:\Program Files\MSN Messenger\Instant-Access.exe Infecté: not-a-virus:Dialer.Win32.E-Group.k ignoré

 

C:\Program Files\NewDotNet\newdotnet6_38.dll Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\Program Files\Windows Media Player\GDiVX1.9.9.5.exe/data0011 Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\Program Files\Windows Media Player\GDiVX1.9.9.5.exe/data0012 Infecté: not-a-virus:AdWare.Win32.GigatechSuperBar ignoré

 

C:\Program Files\Windows Media Player\GDiVX1.9.9.5.exe/data0013 Infecté: not-a-virus:AdWare.Win32.SaveNow.bx ignoré

 

C:\Program Files\Windows Media Player\GDiVX1.9.9.5.exe NSIS: infecté - 3 ignoré

 

C:\System Volume Information\_restore{743EF1E5-575C-4DE0-83AC-1B587C8E90E9}\RP90\A0085892.dll Infecté: not-a-virus:Porn-Dialer.Win32.InstantAccess ignoré

 

C:\System Volume Information\_restore{743EF1E5-575C-4DE0-83AC-1B587C8E90E9}\RP90\A0085893.dll Infecté: not-a-virus:Porn-Dialer.Win32.InstantAccess ignoré

 

C:\System Volume Information\_restore{743EF1E5-575C-4DE0-83AC-1B587C8E90E9}\RP90\A0085894.dll Infecté: not-a-virus:Porn-Dialer.Win32.InstantAccess ignoré

 

C:\System Volume Information\_restore{743EF1E5-575C-4DE0-83AC-1B587C8E90E9}\RP90\A0085895.dll Infecté: not-a-virus:Server-Proxy.Win32.MarketScode.c ignoré

 

C:\WINDOWS\ExeDialer.exe Infecté: not-a-virus:Dialer.Win32.E-Group.k ignoré

 

C:\WINDOWS\lbbho.dll Infecté: not-a-virus:AdWare.Win32.Neon.a ignoré

 

C:\WINDOWS\NDNuninstall5_48.exe Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\WINDOWS\NDNuninstall5_64.exe Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\WINDOWS\NDNuninstall6_10.exe Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\WINDOWS\NDNuninstall6_22.exe Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\WINDOWS\NDNuninstall6_30.exe Infecté: not-a-virus:AdWare.Win32.NewDotNet.g ignoré

 

C:\WINDOWS\NDNuninstall6_38.exe Infecté: not-a-virus:AdWare.Win32.NewDotNet ignoré

 

C:\WINDOWS\system32\cd_clint.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\WINDOWS\system32\cd_htm.dll Infecté: not-a-virus:AdWare.Win32.Cydoor ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Mon, 13 Jun 2005 16:02:48 +0200 (CEST)]/document.pif Infecté: Email-Worm.Win32.NetSky.y ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Mon, 20 Jun 2005 19:07:02 +0200 (CEST)]/document.pif Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-D ... /data.rtf .scr Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-DAEMON@wa ... /[From w.widendaele@tiscali.fr][Date Fri, 1 Jul 2005 19:00:11 +0200]/details.zip Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From sjlc ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Fri, 1 Jul 2005 18:58:50 +0200 (C ... /UNNAMED Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox/[From "Begue Fabrice" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From Lynn Cordero ][Date Mon, 13 Jun 2005 19:12:41 -0600]/UNNAMED/[From =?iso-8859-1?Q?Nad=E8ge_ANDREO?= ][Date Tue, 14 Jun 2005 19:05:37 +0200]/UNNAMED/[From "Dms" ][Date Wed, 15 Jun 2005 09:44:19]/html/[From ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Thu, 7 Jul 2005 16:18:04 +0200 (CEST)]/message.scr Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infecté - 30, suspect - 10 ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>][Date Sun, 29 May 2005 09:12:19 +0000]/UNNAMED/[From andre.duval10@wanadoo.fr][Date Sat, 4 Jun 2005 17:15:54 +0200]/UNNAMED/document.pif Infecté: Email-Worm.Win32.NetSky.y ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>][Date Sun, 29 May 2005 09:12:19 +0000]/UNNAM ... /[From =?iso-8 ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Mon, 13 Jun 2005 16:02:48 +0200 (CEST)]/document.pif Infecté: Email-Worm.Win32.NetSky.y ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>][Date Sun, 29 May 2005 09:12:19 +0000]/UNNAM ... /[From =?iso-8 ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Mon, 20 Jun 2005 19:07:02 +0200 (CEST)]/document.pif Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>][Date Sun, 29 May 2005 09:12:19 +0000]/UNNAM ... /[From =?iso-8859 ... / ... /[From "Raid ... ... /[From berrard.j.jacques@wanodoo.fr][Date Wed, 22 Jun 2005 14:38:05 +020 ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>][Date Sun, 29 May 2005 09:12:19 +0000]/UNNAM ... /[From =?iso-8859 ... / ... /[From "Raid ... ... /[From berrard.j.jacques@wanodoo.fr][Date Wed, 22 Jun 2005 14:38:05 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZSBwZXRpdCBkdelrb3XpZXQgZ3VpdHJvem9u? ... /[From shaista@wanadoo.fr][Date Mon, 27 Jun 2005 14:19:09 +020 ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZSBwZXRpdCBkdelrb3XpZXQgZ3VpdHJvem9u? ... /[From shaista@wanadoo.fr][Date Mon, 27 Jun 2005 14:19:09 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZ ... /[From MAILER-D ... /data.rtf .scr Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZ ... /[From MAILER-DAEMON@wa ... /[From w.widendaele@tiscali.fr][Date Fri, 1 Jul 2005 19:00:11 +0200]/details.zip Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZ ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Fri, 1 Jul 2005 18:58:50 +0200 (C ... /UNNAMED Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZ ... /[From MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][Date Fri, 1 Jul 2005 18:58:50 +0200 (CEST)]/UNNAMED Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash/[From patrick.herscovici@wanadoo.fr][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/[From "Caroline" ][Date Thu, 2 Jun 2005 09:30:39 +0200]/UNNAMED/[From Bochu Jacques ][Date Thu, 2 Jun 2005 15:47:55 +0200]/UNNAMED/[From Richard K. Lee <2jan-olof@a1isp.net>] ... /[From =?iso-8859-1?B?Y29sbGVjdGlmIGRlcyByZXNzb3J0aXNzYW50cyBkZSBwZXRpdCBkdel ... /[From Van ... /[From jeffherveau@worldonline.fr][Date Fri, 1 Jul 2005 12:01:47 +0200]/UNNAMED Infecté: Email-Worm.Win32.NetSky.q ignoré

 

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

Posted

Hello wardog92!

You didn't follow my advice...

The AntiVir log shows that the mail needs a serious clean-up!

=> Back up all the important mails that you are 100% sure of, then delete everything else!!

=> You absolutely have to do this!!

Here is what you will need to do afterwards.

1. Download LSPfix:

http://www.cexx.org/lspfix.htm

2. Download WinsockFix:

http://www.greyknight17.com/spy/WinsockFix.zip

3. Click Start > Control Panel > Add/Remove Programs

Uninstall:

NewNet, NewDotNet, anything related to these.

If they are not found in Add/Remove Programs, follow procedure 4 on this page:

http://www.newdotnet.com/removal.html

If you lose Internet access during the operation:

=> Start LSPfix, tick "I know what I'm doing", then click "Finish".

If LSPfix did not work:

Unzip WinsockFix to the Desktop and click "Fix".

Next

- Download and install EasyCleaner by Toni Helenius (a program in the cleaner category)

http://personal.inet.fi/business/toniarts/ecleane.htm

Download the trial version of Ewido anti-spyware (a program in the anti-malware category):

http://www.ewido.net/en/download

  1. Launch Ewido and click the Update button (toolbar, at the top). Under Manual Update, click Start update.

  2. You will see this right at the bottom once the update is complete: "Update successful"

  3. Close Ewido. Do not run it just yet.

Given the length of the procedure, I advise you to print it, or to select all of its lines and copy the selection into a text file on your PC.

All the steps must be carried out, in the exact order given below.

If anything seems unclear to you, ask for an explanation before starting the disinfection.

Note: These steps must be carried out while logged on to a session with "Administrator" rights and with resident protections disabled, if there are any! (e.g. Spybot S&D, Ad-Watch, Microsoft AntiSpyware)

- Restart in safe mode:

(In safe mode, only system processes are started, so it is easier to delete what is infected.)

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] or [F5] key until the Windows advanced options menu is displayed. Select "Safe Mode" and press [Enter].

NB: If there is a problem, see here: http://service1.symantec.com/SUPPORT/INTER...020325143456924

- Make sure you have access to all files:

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Enable the option: Show hidden files and folders

Disable the option: Hide extensions for known file types

Disable the option: Hide protected operating system files

Then click "Apply to All Folders"

Now we are going to delete the infected files manually!

Start, Run, and type (or copy/paste): regsvr32 /u C:\WINDOWS\system32\cd_clint.dll

and confirm with OK

Start, Run, and type (or copy/paste): regsvr32 /u C:\WINDOWS\system32\cd_htm.dll

and confirm with OK

Start, Run, and type (or copy/paste): regsvr32 /u C:\WINDOWS\lbbho.dll

and confirm with OK

Before deleting anything, always note the creation date and time, and report that information in your next reply.

Click Start / Run

Copy/paste

Enter the path shown in red: C:\Documents and Settings\Administrateur\Mes documents\netant\

The folder will open

Delete the file shown in bold:

setup.exe (right-click / Delete)

Repeat the operation for these:

C:\Documents and Settings\Administrateur.NOM-FHA60KKNN64\Mes documents\netant\

setup.exe

C:\Documents and Settings\Default User\Mes documents\netant\

setup.exe

C:\Documents and Settings\Invité\Mes documents\netant\

setup.exe

C:\Documents and Settings\Propriétaire\Mes documents\netant\

setup.exe

C:\Program Files\MSN Messenger\

Instant-Access.exe

C:\Program Files\

NewDotNet

C:\Program Files\Windows Media Player\

GDiVX1.9.9.5.exe

C:\WINDOWS\

ExeDialer.exe

C:\WINDOWS\

lbbho.dll

C:\WINDOWS\system32\

cd_clint.dll

C:\WINDOWS\system32\

cd_htm.dll

Empty the Recycle Bin!

- Run EasyCleaner (use the shortcut on the desktop):

(A utility that will delete temporary/unnecessary folders and clean the registry)

Use only the "Unnecessary" and "Registry" functions. Do not touch the "Duplicates" function.

*Note:

- In "Unnecessary", tick the following boxes => "Normal Types" - "Temp Directories" - "Temp Internet Files" - "Browser Cookies", then click "Find".

When the scan is finished, click "Delete all".

Run Ewido again

  • Click the Scanner button (in the toolbar) and then click Complete System Scan. The scan will take some time, so be patient.

  • Ewido will display a list of the detected files on the left. At the end of the scan, the tool will apply the "Actions" to be applied automatically. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right-hand side.

  • Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere safe (on your Desktop, for example).

- Restart in normal mode:

- Post a reply in the same topic

(Click Reply, between "flash" and "new", at the very bottom of the page!)

- Include a new HijackThis log

- Post the Ewido report

- Say whether the PC still shows any malfunctions

After you have posted your reply:

Could you please run an online scan? =>

- Run an online scan here and paste the report.

http://www.kaspersky.com/virusscanner

Help tutorial here:

http://www.malekal.com/scan_Av_en_ligne.html

See you, and good luck! :P
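Added example (not part of the original posts): a Python sketch that groups the lines of a scan report in the format posted in this thread by the file that holds each detection, so the mailbox files that need cleaning stand out. The sample lines, the `demo.default` profile path and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on the report format posted in this thread:
# container path, nested "/[From ...][Date ...]/part" members, then the verdict.
SAMPLE_REPORT = r"""
C:\Profiles\demo.default\Mail\Local Folders\Inbox/[From "A" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED Infecté: Exploit.HTML.Iframe.FileDownload ignoré
C:\Profiles\demo.default\Mail\Local Folders\Inbox/[From "A" ][Date Tue, 3 May 2005 16:49:42 +0200]/UNNAMED/[From "B" ][Date Wed, 15 Jun 2005 09:44:19]/html Infecté: Exploit.HTML.Iframe.FileDownload ignoré
C:\Profiles\demo.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infecté - 2, suspect - 0 ignoré
C:\Profiles\demo.default\Mail\Local Folders\Trash/[From c@example.invalid][Date Wed, 1 Jun 2005 08:29:15 +0200]/UNNAMED/document.pif Infecté: Email-Worm.Win32.NetSky.q ignoré
C:\Profiles\demo.default\Mail\Local Folders\Trash/[From c@example.invalid][Da ... /html Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Profiles\demo.default\Mail\Local Folders\Trash
"""

# Per-object verdict at the end of a line: status, detection name, action taken.
VERDICT = re.compile(r"\s(Infecté|Suspect)\s*:\s*(\S+)\s+(\w+)\s*$")
# Per-container summary line written once the whole mbox has been scanned.
SUMMARY = re.compile(r"^(.*?)\s+Mail Berkeley mbox:\s*infecté - (\d+), suspect - (\d+)")


def parse_line(line):
    """Return a dict for a detection or summary line, None for anything else."""
    line = line.strip()
    m = SUMMARY.match(line)
    if m:
        return {"kind": "summary", "container": m[1],
                "infected": int(m[2]), "suspect": int(m[3])}
    m = VERDICT.search(line)
    if not m:
        return None  # truncated or non-detection line: no verdict to record
    obj = line[:m.start()]
    return {"kind": "detection",
            "container": obj.split("/[", 1)[0],  # file on disk holding the object
            "member": obj.rsplit("/", 1)[-1],    # innermost part, e.g. document.pif
            "status": m[1], "threat": m[2], "action": m[3]}


def summarise(report):
    """Group detections by container file; also collect the scanner's own totals."""
    per_container, totals, skipped = defaultdict(Counter), {}, 0
    for line in report.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif rec["kind"] == "summary":
            totals[rec["container"]] = (rec["infected"], rec["suspect"])
        else:
            per_container[rec["container"]][(rec["status"], rec["threat"])] += 1
    return per_container, totals, skipped


if __name__ == "__main__":
    per_container, totals, skipped = summarise(SAMPLE_REPORT)
    for container, hits in per_container.items():
        print(container, "| scanner totals:", totals.get(container, "none reported"))
        for (status, threat), count in hits.most_common():
            print(f"  {count} x {status}: {threat}")
    print("lines without a verdict:", skipped)
```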

Posted

uh... yeah... but no, not this time.... :P

the part with NewDotNet there.... :P:-P well, I don't understand any of it, sorry...

I'm following the procedure, but when it comes to launching the program from the floppy disk... well, nothing... HELP!!!! :-(

Posted

NewNet and NewDotNet: I can't uninstall them because they aren't in the list. If I've understood correctly, if they aren't there, I follow procedure 4 from the link you gave me:

PROCEDURE 4 (Download Uninstall from New.net):

* Please make sure all anti-virus and anti-spy ware programs are shut off for the uninstall process. These programs can hinder the complete removal of the new.net software.

1. From a computer that has Internet access, click on the following link:

http://www.new.net/support/NNuninstall.exe.

2. Download and save NNuninstall.exe to a 3-½ floppy disk.

3. Insert the floppy disk into the floppy drive of the computer that needs to have our software uninstalled from.

4. Click on Start.

5. Click on Run.

6. In the Open window type, A:\NNuninstall.exe.

7. Click on the OK button.

8. After removal of our software, you may be prompted to reboot. Please reboot after removing our software.

no? isn't that it? :P

Posted

RE

OK, drop that part then. Go here:

=> C:\Program Files\NewDotNet\

Go to Start / Run and type or copy/paste:

C:\Program Files\NewDotNet\

Check whether a file along the lines of uninstal.exe exists

If it exists, click on it.

Otherwise we'll try something else.

See you.
