binouse
-
Compteur de contenus
13 -
Inscription
-
Dernière visite
binouse's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
09/23/06 11:18:57 [info]: BlackLight Engine 1.0.46 initialized 09/23/06 11:18:57 [info]: OS: 5.1 build 2600 (Service Pack 1) 09/23/06 11:18:58 [Note]: 7019 4 09/23/06 11:18:58 [Note]: 7005 0 09/23/06 11:19:04 [Note]: 7006 0 09/23/06 11:19:04 [Note]: 7011 1564 09/23/06 11:19:05 [Note]: 7026 0 09/23/06 11:19:05 [Note]: 7026 0 09/23/06 11:19:10 [Note]: FSRAW library version 1.7.1019 09/23/06 11:33:57 [Note]: 7007 0 Salut, oui le message d'erreu est avec Ie et ca rame avec Mozilla et Ie mais 1 peut moin qu'avant quand mm. Merci -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
KASPERSKY ON-LINE SCANNER REPORT Thursday, September 21, 2006 5:03:24 AM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 20/09/2006 Enregistrements dans la base antivirus Kaspersky : 212040 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ Statistiques de l'analyse Total d'objets analysés 56092 Nombre de virus trouvés 3 Nombre d'objets infectés 5 / 0 Nombre d'objets suspects 2 Durée de l'analyse 02:58:25 Nom de l'objet infecté Nom du virus Dernière action C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\Temp\ZLT06fd0.TMP L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\BENJAMIN.ldb L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Historique\History.IE5\MSHist012006092020060921\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Application Data\AVG7\Log\emc.log L'objet est verrouillé ignoré C:\Documents and Settings\BEN\ntuser.dat L'objet est verrouillé ignoré C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip/Patch_Dreamweaver MX6vf.exe Suspect : Password-protected-EXE ignoré C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip ZIP: suspect - 1 ignoré C:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\change.log L'objet est verrouillé ignoré D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000678.exe/Stream/data0004 Infecté : Trojan-Spy.Win32.Qeds.b ignoré D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000678.exe/Stream Infecté : Trojan-Spy.Win32.Qeds.b ignoré D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000678.exe Inno: infecté - 2 ignoré D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000679.exe/WISE0018.BIN Infecté : Trojan-PSW.Win32.Delf.kn ignoré D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000679.exe WiseSFX: infecté - 1 ignoré Analyse terminée. A la fermeture d'IE un panneau d'erreur d'application s'affiche et me dit: "l'instruction à "0x0150a9fe" emploie l'adresse mémoire "0x018438b8". La mémoire ne peut pas etre "read". merci -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
voila la fini que le poste n'arrive pas à prendre en 1 seul foi, non il y a pas d'autre logiciel qui tourne du genre P2P et internet rame. C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From "eBay" ][Date Wed, 20 Apr 2005 13:51:58 -0700]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED/document.txt.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From "eBay" ][Date Wed, 20 Apr 2005 13:51:58 -0700]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From "eBay" ][Date Wed, 20 Apr 2005 13:51:58 -0700]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 21 Apr 2005 03:05:23 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 21 Apr 2005 03:05:23 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 21 Apr 2005 03:05:23 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash Mail Berkeley mbox: infecté - 78, suspect - 27 ignoré C:\Documents and Settings\BEN\Application Data\AVG7\Log\emc.log L'objet est verrouillé ignoré C:\Documents and Settings\BEN\ntuser.dat L'objet est verrouillé ignoré C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip/Patch_Dreamweaver MX6vf.exe Suspect : Password-protected-EXE ignoré C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip ZIP: suspect - 1 ignoré C:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP3\change.log L'objet est verrouillé ignoré D:\Programme\MSNPass_demo.exe/WISE0018.BIN Infecté : Trojan-PSW.Win32.Delf.kn ignoré D:\Programme\MSNPass_demo.exe WiseSFX: infecté - 1 ignoré D:\Programme\setup.exe/Stream/data0004 Infecté : Trojan-Spy.Win32.Qeds.b ignoré D:\Programme\setup.exe/Stream Infecté : Trojan-Spy.Win32.Qeds.b ignoré D:\Programme\setup.exe Inno: infecté - 2 ignoré D:\Programme\site web\Patch_Dreamweaver MX6vf.zip/Patch_Dreamweaver MX6vf.exe Suspect : Password-protected-EXE ignoré D:\Programme\site web\Patch_Dreamweaver MX6vf.zip ZIP: suspect - 1 ignoré Analyse terminée. -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
KASPERSKY ON-LINE SCANNER REPORT Wednesday, September 20, 2006 5:01:03 AM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 19/09/2006 Enregistrements dans la base antivirus Kaspersky : 211704 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ Statistiques de l'analyse Total d'objets analysés 55668 Nombre de virus trouvés 13 Nombre d'objets infectés 183 / 0 Nombre d'objets suspects 48 Durée de l'analyse 03:06:27 Nom de l'objet infecté Nom du virus Dernière action C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Inbox/[From "support ebay" ][Date Sun, 19 Jun 05 21:55:31 GMT]/html Infecté : Trojan-Spy.HTML.Bayfraud.hd ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Inbox Mail Berkeley mbox: infecté - 1 ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Trash/[From "support ebay" ][Date Sun, 19 Jun 05 21:55:31 GMT]/html Infecté : Trojan-Spy.HTML.Bayfraud.hd ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Trash Mail Berkeley mbox: infecté - 1 ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From hostmaster@arrakis.es][Date Fri, 17 Dec 2004 00:31:53 UTC]/arrakis.9025.zip/message_text.txt .pif Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From hostmaster@arrakis.es][Date Fri, 17 Dec 2004 00:31:53 UTC]/arrakis.9025.zip Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Sun, 19 Dec 2004 03:08:46 +0100]/UNNAMED/[From hostmaster@bconnex.net][Date Tue, 21 Dec 2004 22:33:21 GMT]/bconnex1183.word.pif Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Sun, 19 Dec 2004 03:08:46 +0100]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 28 Dec 2004 03:30:50 +0100]/UNNAMED/[From "mel lefevre" ][Date Tue, 28 Dec 2004 18:27:27 +0000]/text/[From hostmaster@videotron.ca][Date Wed, 29 Dec 2004 18:51:17 UTC]/videotron_6905.pif Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 28 Dec 2004 03:30:50 +0100]/UNNAMED/[From "mel lefevre" ][Date Tue, 28 Dec 2004 18:27:27 +0000]/text Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 28 Dec 2004 03:30:50 +0100]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Yazafreefly@aol.com][Date Sun, 2 Jan 2005 16:24:41 EST]/UNNAMED/[From "news@rueducommerce.com" ][Date Mon, 03 Jan 2005 03:01:58 +0100]/UNNAMED/[From "mel lefevre" ][Date Tue, 04 Jan 2005 18:06:26 +0000]/re_mail_8633.TXT.bat Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Yazafreefly@aol.com][Date Sun, 2 Jan 2005 16:24:41 EST]/UNNAMED/[From "news@rueducommerce.com" ][Date Mon, 03 Jan 2005 03:01:58 +0100]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Yazafreefly@aol.com][Date Sun, 2 Jan 2005 16:24:41 EST]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED/[From "Voyages-sncf.com" ][Date Thu, 6 Jan 2005 13:33:14 +0100 (CET)]/UNNAMED/[From "Jan " ][Date Thu, 06 Jan 2005 15:47:08 -0500]/UNNAMED/[From Smith Barney ][Date Sat, 08 Jan 2005 08:20:11 -0100]/html Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED/[From "Voyages-sncf.com" ][Date Thu, 6 Jan 2005 13:33:14 +0100 (CET)]/UNNAMED/[From "Jan " ][Date Thu, 06 Jan 2005 15:47:08 -0500]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED/[From "Voyages-sncf.com" ][Date Thu, 6 Jan 2005 13:33:14 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED/[From "vincent lafuente" Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED/[From "vincent lafuente" ][Date Thu, 13 Jan 2005 00:14:16 +0100]/UNNAMED/[From ][Date Thu, 13 Jan 2005 21:51:29 +0100]/photo.zip Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED/[From "vincent lafuente" ][Date Thu, 13 Jan 2005 00:14:16 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Marcus " ][Date Fri, 14 Jan 2005 21:39:48 -0500]/UNNAMED/[From Washington Mutual, Inc. ][Date Tue, 18 Jan 2005 05:17:15 -0600]/html Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Marcus " ][Date Fri, 14 Jan 2005 21:39:48 -0500]/UNNAMED Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From ][Date Wed, 19 Jan 2005 21:29:09 +0100]/UNNAMED/desktop.zip/desktop.txt .scr Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From ][Date Wed, 19 Jan 2005 21:29:09 +0100]/UNNAMED/desktop.zip Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From ][Date Wed, 19 Jan 2005 21:29:09 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Regions Bank ][Date Wed, 02 Feb 2005 15:53:38 +0100]/html Infecté : Trojan-Spy.HTML.Bankfraud.dq ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14: ... /[From Smith Barney ][Date Fri, 04 Feb 2005 08:20:41 +020 ... /html Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14: ... /[From Smith Barney ][Date Fri, 04 Feb 2005 08:20:41 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED/[From ... /[From ... /[From "eBay" ][Date Thu, 3 Feb 2005 18:19:14 -0800]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED/[From ... /[From Avery Sellers ][Date Thu, 03 Feb 2005 22:45:15 -0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED/[From oruff@swoopin.com][Date Thu, 3 Feb 2005 18:21:39 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Jan " ][Date Thu, 10 Feb 2005 05:07:08 -0600]/UNNAMED/[From "benjamin guibert" ][Date Thu, 10 Feb 2005 14:37:59 +0100]/html Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Jan " ][Date Thu, 10 Feb 2005 05:07:08 -0600]/UNNAMED Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Actualis - La newsletter ][Date Thu, 3 mar 2005 13:22:59 +0100]/UNNAMED/[From Regions Bank ][Date Thu, 03 Mar 2005 13:58:04 -0600]/UNNAMED/html Infecté : Trojan-Spy.HTML.Bankfraud.ci ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Actualis - La newsletter ][Date Thu, 3 mar 2005 13:22:59 +0100]/UNNAMED/[From Regions Bank ][Date Thu, 03 Mar 2005 13:58:04 -0600]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ci ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Actualis - La newsletter ][Date Thu, 3 mar 2005 13:22:59 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ci ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED/[From "news@rueducommerce.com" ] ... /data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 19 Apr 2005 04:19:14 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/text/[From webmaster@xlr-8.ch][Date Tue, 19 Apr ... /details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/text/[From webmaster@xlr-8.ch][Date Tue, 19 Apr 2005 13:17:44 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/text Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From sugargliderzfreefly@hotmail.com][Date Tue, 19 Apr 2005 14:26:07 +0200]/UNNAMED/UNNAMED/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From sugargliderzfreefly@hotmail.com][Date Tue, 19 Apr 2005 14:26:07 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From sugargliderzfreefly@hotmail.com][Date Tue, 19 Apr 2005 14:26:07 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From xlr-8er@xlr-8.ch][Date Tue, 19 Apr 2005 15:08:19 +0200]/UNNAMED/UNNAMED/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From xlr-8er@xlr-8.ch][Date Tue, 19 Apr 2005 15:08:19 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From xlr-8er@xlr-8.ch][Date Tue, 19 Apr 2005 15:08:19 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/list.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/list.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/[From deborah.van.laer@pandora.be][Date Tue, 19 Apr 2005 17:20:27 +0200]/UNNAMED/product.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/[From deborah.van.laer@pandora.be][Date Tue, 19 Apr 2005 17:20:27 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From "Lea de voyages-sncf.com" ][Date Tue, 19 Apr 2005 17:29:17 +0200 (CEST)]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From "Lea de voyages-sncf.com" ][Date Tue, 19 Apr 2005 17:29:17 +0200 (CEST)]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From "Lea de voyages-sncf.com" ][Date Tue, 19 Apr 2005 17:29:17 +0200 (CEST)]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED/message_guibertbenjamin.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED/message_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/readme.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/readme.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/[From guido@gwiss-freefly.de][Date Wed, 20 Apr 2005 15:00:27 +0200]/UNNAMED/data.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/[From guido@gwiss-freefly.de][Date Wed, 20 Apr 2005 15:00:27 +0200]/UNNAMED/data.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/[From guido@gwiss-freefly.de][Date Wed, 20 Apr 2005 15:00:27 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED/msg.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED/file_guibertbenjamin.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED/file_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED/document.txt.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox Mail Berkeley mbox: infecté - 94, suspect - 17 ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/data.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/data.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From joseph.pfleger@cidou.fr][Date Mon, 18 Apr 2005 16:19:01 +0200]/UNNAMED/software_guibertbenjamin.doc.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From joseph.pfleger@cidou.fr][Date Mon, 18 Apr 2005 16:19:01 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 16:22:12 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 16:22:12 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 16:22:12 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From help@atlas-as.sk][Date Mon, 18 Apr 2005 17:30:29 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From help@atlas-as.sk][Date Mon, 18 Apr 2005 17:30:29 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From mts@lebanon-online.com.lb][Date Mon, 18 Apr 2005 19:17:26 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From mts@lebanon-online.com.lb][Date Mon, 18 Apr 2005 19:17:26 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From willsamantha4@yahoo.com][Date Mon, 18 Apr 2005 17:26:38 +0200]/UNNAMED/postcard.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From willsamantha4@yahoo.com][Date Mon, 18 Apr 2005 17:26:38 +0200]/ -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
Logfile of HijackThis v1.99.1 Scan saved at 13:45:15, on 19/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\BEN\LOCALS~1\Temp\Rar$EX00.064\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03 O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe rapport diaghelp: C:\WINDOWS\System32\Uninstall.ico -->19/09/2006 14:07:46 C:\WINDOWS\System32\Help.ico -->19/09/2006 14:07:46 C:\WINDOWS\System32\pavas.ico -->19/09/2006 14:07:46 C:\WINDOWS\System32\vsconfig.xml -->19/09/2006 14:01:04 C:\WINDOWS\System32\wpa.dbl -->10/09/2006 04:54:44 C:\WINDOWS\System32\swreg.exe -->29/08/2006 19:43:54 C:\WINDOWS\System32\FNTCACHE.DAT -->24/08/2006 13:03:08 C:\WINDOWS\System32\asuninst.exe -->02/08/2006 12:39:06 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 20:24:02 C:\WINDOWS\System32\rmoc3260.dll -->05/05/2006 19:08:24 C:\WINDOWS\System32\pndx5032.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pndx5016.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pncrt.dll -->05/05/2006 19:08:00 C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12 C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08 C:\WINDOWS\System32\SrchSTS.exe -->27/04/2006 17:49:30 C:\WINDOWS\System32\affv9869p2now.sys -->20/04/2006 18:54:10 C:\WINDOWS\System32\sirenacm.dll -->25/01/2006 05:34:24 C:\WINDOWS\System32\DKRNL.JAX -->10/01/2006 20:31:46 C:\WINDOWS\System32\swsc.exe -->09/01/2006 10:36:06 C:\WINDOWS\System32\amcompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\System32\nscompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\System32\javaws.exe -->10/11/2005 13:03:54 C:\WINDOWS\System32\jpicpl32.cpl -->10/11/2005 13:03:50 C:\WINDOWS\System32\javaw.exe -->10/11/2005 11:27:16 C:\WINDOWS\setupapi.log -->19/09/2006 14:08:36 C:\WINDOWS\wiadebug.log -->19/09/2006 13:58:26 C:\WINDOWS\0.log -->19/09/2006 13:58:14 C:\WINDOWS\bootstat.dat -->19/09/2006 13:58:02 C:\WINDOWS\ntbtlog.txt -->19/09/2006 13:57:08 C:\WINDOWS\wiaservc.log -->19/09/2006 13:39:56 C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt -->18/09/2006 19:39:48 C:\WINDOWS\setupact.log -->18/09/2006 16:57:32 C:\WINDOWS\setuperr.log -->17/09/2006 23:22:42 C:\WINDOWS\SYSTEM.INI -->16/09/2006 12:04:38 C:\WINDOWS\win.ini -->16/09/2006 12:04:38 C:\WINDOWS\SchedLgU.Txt -->14/09/2006 16:12:36 C:\WINDOWS\NeroDigital.ini -->14/09/2006 13:20:52 C:\WINDOWS\QTFont.for -->12/09/2006 19:17:54 C:\WINDOWS\QTFont.qfn -->12/09/2006 19:17:54 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\trackerpod_server.exe |03/10/2005 21:43:35 C:\WINDOWS\vsnpstd.exe |08/10/2005 16:01:15 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\MTITSunst.exe |01/06/2005 19:12:17 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\getnode.dll |15/04/2003 10:05:20 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\ltmm_n.dll |23/06/2005 19:29:39 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\rsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\vsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\dsnpstd.dll |08/10/2005 16:01:15 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\csnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\SrchSTS.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\system32 30/08/2002 13:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 16 096 804 864 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\Downloaded Program Files 15/04/2003 09:00 <REP> . 15/04/2003 09:00 <REP> .. 15/04/2003 09:00 65 desktop.ini 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 23/05/2005 13:41 495 LegitCheckControl.inf 30/12/2004 11:29 267 328 fpu.ocx 30/12/2004 11:29 3 071 fpu.inf 27/03/2006 13:00 5 019 swflash.inf 31/10/2001 10:37 118 uninst.bat 12/07/2000 02:02 36 864 fxfileop.dll 30/01/2003 16:52 348 160 bitdefender.ocx 21/03/2002 15:26 815 bitdefender.inf 02/09/2005 16:41 135 168 asinst.dll 02/09/2005 14:50 525 asinst.inf 13 fichier(s) 799 487 octets Total des fichiers listés : 13 fichier(s) 799 487 octets 2 Rép(s) 16 096 804 864 octets libres Liste des programmes installes ACDSee for Pentax 2.0 ACE Mega CoDecS Pack Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Premiere Pro Alcohol 120% (Trial Version) Archiveur WinRAR AVG Free Edition Azureus Bluetooth Easy Connect Bluetooth Stack for Windows by Toshiba BSPlayer Canon MP Drivers 7.0 Canon MP Navigator 1.1 Canon ScanGear Starter Canon Utilities Easy-PhotoPrint CCleaner (remove only) CloneDVD Commandes TOSHIBA Console TOSHIBA Correctif Windows XP (SP2) Q810565 e-Carte Bleue Banque Populaire Economie TOSHIBA eMule ewido anti-spyware 4.0 Formatage de carte mémoire SD TOSHIBA Freeplayer FTP Expert 3 Google Earth Guitar Pro 4.0 HijackThis 1.99.1 Hollywood FX GOLD Intel® PRO Ethernet Adapter and Software InterVideo WinDVD 4 J2SE Runtime Environment 5.0 Update 6 Kazaa Lite K++ v2.4.2 Lecteur Windows Media 10 LimeWire PRO 4.12.3 Lyra Jukebox Applications Macromedia Dreamweaver MX Manuels TOSHIBA Microsoft .NET Framework (French) Microsoft .NET Framework (French) v1.0.3705 Microsoft AutoRoute 2002 Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Word 2002 Microsoft Works 7.0 Morpheus 5.2 (remove only) Mozilla (1.7.3) (fr) MP3 Turbo Injector 1.5 MSN Messenger 7.5 Nero OEM NVIDIA Windows 2000/XP Display Drivers OmniPage SE 2.0 OS Pack Works Suite Package du correctif Windows XP [voir Q329048 pour plus de détails] Package du correctif Windows XP [voir q329112 pour plus de détails] Package du correctif Windows XP [voir Q329115 pour plus de détails] Package du correctif Windows XP [voir Q329390 pour plus de détails] PDF Manager 3.00 PerfectAed QuickTime Alternative 1.70 Real Alternative 1.21 RealPlayer Spybot - Search & Destroy 1.3 Steganos Internet Anonym 7.0.9 Sélecteur d'installation de Microsoft Works Suite 2003 Synaptics cPad Synaptics Pointing Device Driver TOSHIBA ConfigFree Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage TOSHIBA MEDIA PLAYER V1.7 TOSHIBA Mobile Extension3 pour Windows XP V3.27.00.XP TOSHIBA Satellite Demo Toshiba screensaver TOSHIBA Software Modem TOSHIBA Utilities Ulead COOL 3D Studio Ulead DVD Workshop Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00 VideoCAM Eye VideoLAN VLC media player 0.8.5 Viewpoint Media Player (Remove Only) WaveL Pic2Pic WebFldrs XP WinAVI VideoConverter Windows Media Format Runtime Windows Media Player 9 Series TweakMP PowerToy Wireless-G Notebook Adapter Wireless Hotkey WMP_do_MP3 version 5.0.1 YAMAHA AC-XG WDM ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Fichiers communs 15/04/2003 08:57 <REP> Windows NT 15/04/2003 08:57 <REP> MSN 15/04/2003 08:58 <REP> MSN Gaming Zone 15/04/2003 08:58 <REP> Messenger 15/04/2003 08:58 <REP> Windows Media Player 15/04/2003 08:58 <REP> Services en ligne 15/04/2003 08:58 <REP> ComPlus Applications 15/04/2003 08:59 <REP> Internet Explorer 15/04/2003 08:59 <REP> Outlook Express 15/04/2003 08:59 <REP> NetMeeting 15/04/2003 08:59 <REP> Movie Maker 15/04/2003 09:03 <REP> microsoft frontpage 15/04/2003 09:03 <REP> xerox 15/04/2003 10:01 <REP> TOSHIBA 15/04/2003 10:40 <REP> Adobe 15/04/2003 10:41 <REP> Synaptics 15/04/2003 10:48 <REP> InterVideo 22/04/2005 11:58 <REP> Linksys 22/04/2005 12:10 <REP> Zone Labs 22/04/2005 12:15 <REP> Grisoft 22/04/2005 12:30 <REP> Netscape 22/04/2005 12:31 <REP> Viewpoint 22/04/2005 12:56 <REP> MSN Messenger 22/04/2005 12:59 <REP> Mozilla Firefox 22/04/2005 14:23 <REP> ACE Mega CoDecS Pack 22/04/2005 14:44 <REP> Webteh 22/04/2005 14:45 <REP> VideoLAN 22/04/2005 14:46 <REP> WinRAR 04/05/2005 21:49 <REP> Kazaa Lite K++ 22/06/2005 20:45 <REP> Ahead 22/06/2006 13:33 <REP> e-Carte Bleue 22/04/2005 15:12 <REP> Nouveau dossier 22/04/2005 15:15 <REP> eMule 22/04/2005 15:20 <REP> Ad-aware 22/04/2005 15:20 <REP> RegCleaner 22/04/2005 15:21 <REP> Spybot - Search & Destroy 22/04/2005 15:22 <REP> Lavasoft 22/04/2005 15:23 <REP> RamBooster 22/04/2005 15:38 <REP> mozilla.org 26/04/2005 15:53 <REP> WaveL Pic2Pic 26/04/2005 16:03 <REP> ACD Systems 03/05/2005 21:48 <REP> PDF Manager 17/05/2005 13:10 <REP> Microsoft Office 23/05/2005 15:33 <REP> Microsoft Works Suite 2003 23/05/2005 15:33 <REP> Microsoft Works 01/06/2005 17:40 <REP> Unrelated Inventions 01/06/2005 18:12 <REP> PerfectAed 23/06/2005 17:48 <REP> directx 01/06/2005 18:04 <REP> Softal 01/06/2005 19:12 <REP> Ultimate Systems 24/06/2005 00:50 <REP> ICOO Loader 23/06/2005 01:48 <REP> Ulead Systems 23/06/2005 17:02 <REP> K-Lite Codec Pack 03/10/2005 21:43 <REP> Eagletron 23/06/2005 18:08 <REP> Free Download Manager 07/08/2005 13:25 <REP> EPSON 20/09/2005 01:18 <REP> Freeplayer 20/09/2005 21:04 <REP> Macromedia 20/04/2006 18:54 <REP> WinAVI VideoConverter 21/09/2005 00:32 <REP> Visicom Media 05/10/2005 17:40 <REP> Microsoft AutoRoute 06/10/2005 20:53 <REP> Xilisoft 08/10/2005 16:01 <REP> VideoCAM Eye 23/12/2005 20:00 <REP> Alcohol Soft 25/12/2005 18:03 <REP> Canon 25/12/2005 18:12 <REP> ScanSoft 10/01/2006 20:06 <REP> Pinnacle 13/02/2006 15:40 <REP> QuickTime 13/02/2006 16:03 <REP> Real 14/02/2006 05:56 <REP> Real Alternative 14/02/2006 05:56 <REP> Media Player Classic 25/03/2006 15:31 <REP> Elaborate Bytes 07/05/2006 20:22 <REP> Java 14/05/2006 19:00 <REP> Yahoo! 20/08/2006 20:21 <REP> Azureus 12/06/2006 12:37 <REP> Thomson 16/06/2006 18:35 <REP> CCleaner 18/05/2006 12:47 <REP> Passware 06/07/2006 19:54 <REP> Google 10/07/2006 18:08 <REP> Guitar Pro 4 18/07/2006 18:36 <REP> QuickTime Alternative 20/08/2006 20:56 <REP> Morpheus 21/08/2006 16:04 <REP> LimeWire 14/09/2006 13:42 <REP> Steganos Internet Anonym 7 14/09/2006 13:42 <REP> Secure Surfing Engine 18/09/2006 12:22 <REP> ewido anti-spyware 4.0 18/09/2006 01:13 <REP> HijackThis 0 fichier(s) 0 octets 90 Rép(s) 16 096 231 424 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files\fichiers communs 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Microsoft Shared 15/04/2003 08:53 <REP> SpeechEngines 15/04/2003 08:53 <REP> ODBC 15/04/2003 08:59 <REP> System 15/04/2003 08:59 <REP> MSSoap 15/04/2003 08:59 <REP> Services 15/04/2003 09:15 <REP> InstallShield 15/04/2003 10:40 <REP> Adobe 22/04/2005 12:30 <REP> mozilla.org 26/04/2005 16:03 <REP> ACD Systems 31/05/2005 03:10 <REP> Designer 22/06/2005 21:57 <REP> Ahead 23/06/2005 01:48 <REP> Ulead Systems 20/09/2005 21:05 <REP> Macromedia 20/09/2005 21:06 <REP> Vbox 08/10/2005 16:01 <REP> VCAMEye 25/12/2005 18:12 <REP> ScanSoft Shared 13/02/2006 16:03 <REP> Real 05/05/2006 19:08 <REP> xing shared 07/05/2006 20:21 <REP> Java 0 fichier(s) 0 octets 22 Rép(s) 16 096 739 328 octets libres c:\Documents and Settings\BEN\Menu Démarrer\Programmes\WinRAR\wrar330fr.exe c:\Documents and Settings\BEN\Mes documents\realalt121.exe c:\Documents and Settings\BEN\Mes documents\WM9Powertoy_TweakMP.EXE c:\Documents and Settings\BEN\Mes documents\XviD-1.0-RC4-05042004.exe c:\Documents and Settings\BEN\Mes documents\AIR FRANCE\crac-nero\cr-nve20.exe c:\Documents and Settings\BEN\Mes documents\BICS\eCarteBleue-Banque-Populaire-2-PC.EXE c:\Documents and Settings\BEN\Mes documents\IMPOTS\jre-1_5_0_06-windows-i586-p-iftw.exe c:\Documents and Settings\BEN\Mes documents\lg 7020\WSC-MA2-SMAF-u\wscma2\wscma2u.exe c:\Documents and Settings\BEN\Mes documents\toschiba\backgrnd.exe c:\Documents and Settings\BEN\Mes documents\toschiba\freedom.exe c:\Documents and Settings\BEN\Mes documents\adrenalynmovies.fre.fr\real player alternative.exe c:\Documents and Settings\BEN\Bureau\Freeplayer-Win32-20050905.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_152a65fa.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_76ce4ba2.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe c:\Documents and Settings\BEN\My Documents\Morpheus Shared\Downloads\LimeWireWin4.12.3.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\BEN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Pour l'analyse Panda le chargement des activX se stop à la moitier puis plus rien donc g pas pu faire d'analyse. Je n'ai pas de fichier en gra dans \system32 mais g suprimé de fichier dmcpl.exe. Internet ramme toujours, je fé koi maintenant? Merci -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
Logfile of HijackThis v1.99.1 Scan saved at 13:45:15, on 19/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\BEN\LOCALS~1\Temp\Rar$EX00.064\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03 O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe rappot diaghelp: C:\WINDOWS\System32\Uninstall.ico -->19/09/2006 14:07:46 C:\WINDOWS\System32\Help.ico -->19/09/2006 14:07:46 C:\WINDOWS\System32\pavas.ico -->19/09/2006 14:07:46 C:\WINDOWS\System32\vsconfig.xml -->19/09/2006 14:01:04 C:\WINDOWS\System32\wpa.dbl -->10/09/2006 04:54:44 C:\WINDOWS\System32\swreg.exe -->29/08/2006 19:43:54 C:\WINDOWS\System32\FNTCACHE.DAT -->24/08/2006 13:03:08 C:\WINDOWS\System32\asuninst.exe -->02/08/2006 12:39:06 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 20:24:02 C:\WINDOWS\System32\rmoc3260.dll -->05/05/2006 19:08:24 C:\WINDOWS\System32\pndx5032.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pndx5016.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pncrt.dll -->05/05/2006 19:08:00 C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12 C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08 C:\WINDOWS\System32\SrchSTS.exe -->27/04/2006 17:49:30 C:\WINDOWS\System32\affv9869p2now.sys -->20/04/2006 18:54:10 C:\WINDOWS\System32\sirenacm.dll -->25/01/2006 05:34:24 C:\WINDOWS\System32\DKRNL.JAX -->10/01/2006 20:31:46 C:\WINDOWS\System32\swsc.exe -->09/01/2006 10:36:06 C:\WINDOWS\System32\amcompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\System32\nscompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\System32\javaws.exe -->10/11/2005 13:03:54 C:\WINDOWS\System32\jpicpl32.cpl -->10/11/2005 13:03:50 C:\WINDOWS\System32\javaw.exe -->10/11/2005 11:27:16 C:\WINDOWS\setupapi.log -->19/09/2006 14:08:36 C:\WINDOWS\wiadebug.log -->19/09/2006 13:58:26 C:\WINDOWS\0.log -->19/09/2006 13:58:14 C:\WINDOWS\bootstat.dat -->19/09/2006 13:58:02 C:\WINDOWS\ntbtlog.txt -->19/09/2006 13:57:08 C:\WINDOWS\wiaservc.log -->19/09/2006 13:39:56 C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt -->18/09/2006 19:39:48 C:\WINDOWS\setupact.log -->18/09/2006 16:57:32 C:\WINDOWS\setuperr.log -->17/09/2006 23:22:42 C:\WINDOWS\SYSTEM.INI -->16/09/2006 12:04:38 C:\WINDOWS\win.ini -->16/09/2006 12:04:38 C:\WINDOWS\SchedLgU.Txt -->14/09/2006 16:12:36 C:\WINDOWS\NeroDigital.ini -->14/09/2006 13:20:52 C:\WINDOWS\QTFont.for -->12/09/2006 19:17:54 C:\WINDOWS\QTFont.qfn -->12/09/2006 19:17:54 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\trackerpod_server.exe |03/10/2005 21:43:35 C:\WINDOWS\vsnpstd.exe |08/10/2005 16:01:15 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\MTITSunst.exe |01/06/2005 19:12:17 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\getnode.dll |15/04/2003 10:05:20 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\ltmm_n.dll |23/06/2005 19:29:39 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\rsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\vsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\dsnpstd.dll |08/10/2005 16:01:15 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\csnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\SrchSTS.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\system32 30/08/2002 13:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 16 096 804 864 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\Downloaded Program Files 15/04/2003 09:00 <REP> . 15/04/2003 09:00 <REP> .. 15/04/2003 09:00 65 desktop.ini 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 23/05/2005 13:41 495 LegitCheckControl.inf 30/12/2004 11:29 267 328 fpu.ocx 30/12/2004 11:29 3 071 fpu.inf 27/03/2006 13:00 5 019 swflash.inf 31/10/2001 10:37 118 uninst.bat 12/07/2000 02:02 36 864 fxfileop.dll 30/01/2003 16:52 348 160 bitdefender.ocx 21/03/2002 15:26 815 bitdefender.inf 02/09/2005 16:41 135 168 asinst.dll 02/09/2005 14:50 525 asinst.inf 13 fichier(s) 799 487 octets Total des fichiers listés : 13 fichier(s) 799 487 octets 2 Rép(s) 16 096 804 864 octets libres Liste des programmes installes ACDSee for Pentax 2.0 ACE Mega CoDecS Pack Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Premiere Pro Alcohol 120% (Trial Version) Archiveur WinRAR AVG Free Edition Azureus Bluetooth Easy Connect Bluetooth Stack for Windows by Toshiba BSPlayer Canon MP Drivers 7.0 Canon MP Navigator 1.1 Canon ScanGear Starter Canon Utilities Easy-PhotoPrint CCleaner (remove only) CloneDVD Commandes TOSHIBA Console TOSHIBA Correctif Windows XP (SP2) Q810565 e-Carte Bleue Banque Populaire Economie TOSHIBA eMule ewido anti-spyware 4.0 Formatage de carte mémoire SD TOSHIBA Freeplayer FTP Expert 3 Google Earth Guitar Pro 4.0 HijackThis 1.99.1 Hollywood FX GOLD Intel® PRO Ethernet Adapter and Software InterVideo WinDVD 4 J2SE Runtime Environment 5.0 Update 6 Kazaa Lite K++ v2.4.2 Lecteur Windows Media 10 LimeWire PRO 4.12.3 Lyra Jukebox Applications Macromedia Dreamweaver MX Manuels TOSHIBA Microsoft .NET Framework (French) Microsoft .NET Framework (French) v1.0.3705 Microsoft AutoRoute 2002 Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Word 2002 Microsoft Works 7.0 Morpheus 5.2 (remove only) Mozilla (1.7.3) (fr) MP3 Turbo Injector 1.5 MSN Messenger 7.5 Nero OEM NVIDIA Windows 2000/XP Display Drivers OmniPage SE 2.0 OS Pack Works Suite Package du correctif Windows XP [voir Q329048 pour plus de détails] Package du correctif Windows XP [voir q329112 pour plus de détails] Package du correctif Windows XP [voir Q329115 pour plus de détails] Package du correctif Windows XP [voir Q329390 pour plus de détails] PDF Manager 3.00 PerfectAed QuickTime Alternative 1.70 Real Alternative 1.21 RealPlayer Spybot - Search & Destroy 1.3 Steganos Internet Anonym 7.0.9 Sélecteur d'installation de Microsoft Works Suite 2003 Synaptics cPad Synaptics Pointing Device Driver TOSHIBA ConfigFree Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage TOSHIBA MEDIA PLAYER V1.7 TOSHIBA Mobile Extension3 pour Windows XP V3.27.00.XP TOSHIBA Satellite Demo Toshiba screensaver TOSHIBA Software Modem TOSHIBA Utilities Ulead COOL 3D Studio Ulead DVD Workshop Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00 VideoCAM Eye VideoLAN VLC media player 0.8.5 Viewpoint Media Player (Remove Only) WaveL Pic2Pic WebFldrs XP WinAVI VideoConverter Windows Media Format Runtime Windows Media Player 9 Series TweakMP PowerToy Wireless-G Notebook Adapter Wireless Hotkey WMP_do_MP3 version 5.0.1 YAMAHA AC-XG WDM ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Fichiers communs 15/04/2003 08:57 <REP> Windows NT 15/04/2003 08:57 <REP> MSN 15/04/2003 08:58 <REP> MSN Gaming Zone 15/04/2003 08:58 <REP> Messenger 15/04/2003 08:58 <REP> Windows Media Player 15/04/2003 08:58 <REP> Services en ligne 15/04/2003 08:58 <REP> ComPlus Applications 15/04/2003 08:59 <REP> Internet Explorer 15/04/2003 08:59 <REP> Outlook Express 15/04/2003 08:59 <REP> NetMeeting 15/04/2003 08:59 <REP> Movie Maker 15/04/2003 09:03 <REP> microsoft frontpage 15/04/2003 09:03 <REP> xerox 15/04/2003 10:01 <REP> TOSHIBA 15/04/2003 10:40 <REP> Adobe 15/04/2003 10:41 <REP> Synaptics 15/04/2003 10:48 <REP> InterVideo 22/04/2005 11:58 <REP> Linksys 22/04/2005 12:10 <REP> Zone Labs 22/04/2005 12:15 <REP> Grisoft 22/04/2005 12:30 <REP> Netscape 22/04/2005 12:31 <REP> Viewpoint 22/04/2005 12:56 <REP> MSN Messenger 22/04/2005 12:59 <REP> Mozilla Firefox 22/04/2005 14:23 <REP> ACE Mega CoDecS Pack 22/04/2005 14:44 <REP> Webteh 22/04/2005 14:45 <REP> VideoLAN 22/04/2005 14:46 <REP> WinRAR 04/05/2005 21:49 <REP> Kazaa Lite K++ 22/06/2005 20:45 <REP> Ahead 22/06/2006 13:33 <REP> e-Carte Bleue 22/04/2005 15:12 <REP> Nouveau dossier 22/04/2005 15:15 <REP> eMule 22/04/2005 15:20 <REP> Ad-aware 22/04/2005 15:20 <REP> RegCleaner 22/04/2005 15:21 <REP> Spybot - Search & Destroy 22/04/2005 15:22 <REP> Lavasoft 22/04/2005 15:23 <REP> RamBooster 22/04/2005 15:38 <REP> mozilla.org 26/04/2005 15:53 <REP> WaveL Pic2Pic 26/04/2005 16:03 <REP> ACD Systems 03/05/2005 21:48 <REP> PDF Manager 17/05/2005 13:10 <REP> Microsoft Office 23/05/2005 15:33 <REP> Microsoft Works Suite 2003 23/05/2005 15:33 <REP> Microsoft Works 01/06/2005 17:40 <REP> Unrelated Inventions 01/06/2005 18:12 <REP> PerfectAed 23/06/2005 17:48 <REP> directx 01/06/2005 18:04 <REP> Softal 01/06/2005 19:12 <REP> Ultimate Systems 24/06/2005 00:50 <REP> ICOO Loader 23/06/2005 01:48 <REP> Ulead Systems 23/06/2005 17:02 <REP> K-Lite Codec Pack 03/10/2005 21:43 <REP> Eagletron 23/06/2005 18:08 <REP> Free Download Manager 07/08/2005 13:25 <REP> EPSON 20/09/2005 01:18 <REP> Freeplayer 20/09/2005 21:04 <REP> Macromedia 20/04/2006 18:54 <REP> WinAVI VideoConverter 21/09/2005 00:32 <REP> Visicom Media 05/10/2005 17:40 <REP> Microsoft AutoRoute 06/10/2005 20:53 <REP> Xilisoft 08/10/2005 16:01 <REP> VideoCAM Eye 23/12/2005 20:00 <REP> Alcohol Soft 25/12/2005 18:03 <REP> Canon 25/12/2005 18:12 <REP> ScanSoft 10/01/2006 20:06 <REP> Pinnacle 13/02/2006 15:40 <REP> QuickTime 13/02/2006 16:03 <REP> Real 14/02/2006 05:56 <REP> Real Alternative 14/02/2006 05:56 <REP> Media Player Classic 25/03/2006 15:31 <REP> Elaborate Bytes 07/05/2006 20:22 <REP> Java 14/05/2006 19:00 <REP> Yahoo! 20/08/2006 20:21 <REP> Azureus 12/06/2006 12:37 <REP> Thomson 16/06/2006 18:35 <REP> CCleaner 18/05/2006 12:47 <REP> Passware 06/07/2006 19:54 <REP> Google 10/07/2006 18:08 <REP> Guitar Pro 4 18/07/2006 18:36 <REP> QuickTime Alternative 20/08/2006 20:56 <REP> Morpheus 21/08/2006 16:04 <REP> LimeWire 14/09/2006 13:42 <REP> Steganos Internet Anonym 7 14/09/2006 13:42 <REP> Secure Surfing Engine 18/09/2006 12:22 <REP> ewido anti-spyware 4.0 18/09/2006 01:13 <REP> HijackThis 0 fichier(s) 0 octets 90 Rép(s) 16 096 231 424 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files\fichiers communs 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Microsoft Shared 15/04/2003 08:53 <REP> SpeechEngines 15/04/2003 08:53 <REP> ODBC 15/04/2003 08:59 <REP> System 15/04/2003 08:59 <REP> MSSoap 15/04/2003 08:59 <REP> Services 15/04/2003 09:15 <REP> InstallShield 15/04/2003 10:40 <REP> Adobe 22/04/2005 12:30 <REP> mozilla.org 26/04/2005 16:03 <REP> ACD Systems 31/05/2005 03:10 <REP> Designer 22/06/2005 21:57 <REP> Ahead 23/06/2005 01:48 <REP> Ulead Systems 20/09/2005 21:05 <REP> Macromedia 20/09/2005 21:06 <REP> Vbox 08/10/2005 16:01 <REP> VCAMEye 25/12/2005 18:12 <REP> ScanSoft Shared 13/02/2006 16:03 <REP> Real 05/05/2006 19:08 <REP> xing shared 07/05/2006 20:21 <REP> Java 0 fichier(s) 0 octets 22 Rép(s) 16 096 739 328 octets libres c:\Documents and Settings\BEN\Menu Démarrer\Programmes\WinRAR\wrar330fr.exe c:\Documents and Settings\BEN\Mes documents\realalt121.exe c:\Documents and Settings\BEN\Mes documents\WM9Powertoy_TweakMP.EXE c:\Documents and Settings\BEN\Mes documents\XviD-1.0-RC4-05042004.exe c:\Documents and Settings\BEN\Mes documents\AIR FRANCE\crac-nero\cr-nve20.exe c:\Documents and Settings\BEN\Mes documents\BICS\eCarteBleue-Banque-Populaire-2-PC.EXE c:\Documents and Settings\BEN\Mes documents\IMPOTS\jre-1_5_0_06-windows-i586-p-iftw.exe c:\Documents and Settings\BEN\Mes documents\lg 7020\WSC-MA2-SMAF-u\wscma2\wscma2u.exe c:\Documents and Settings\BEN\Mes documents\toschiba\backgrnd.exe c:\Documents and Settings\BEN\Mes documents\toschiba\freedom.exe c:\Documents and Settings\BEN\Mes documents\adrenalynmovies.fre.fr\real player alternative.exe c:\Documents and Settings\BEN\Bureau\Freeplayer-Win32-20050905.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_152a65fa.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_76ce4ba2.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe c:\Documents and Settings\BEN\My Documents\Morpheus Shared\Downloads\LimeWireWin4.12.3.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\BEN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Pour l'analyse Panda le chargement des activeX se bloque à la moitier puis plus rien ne se passe donc pas d'analyse, et dans system32 je n'ai pas de fichier en gras mais j'ai suprimé le ficherdmcpl.exe merci , je fé koi maintenant? -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
voila c fé! -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 17:47:43 18/09/2006 + Scan result: C:\!KillBox\msclock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP1\A0000361.dll -> Adware.NaviPromo : Cleaned with backup (quarantined). C:\Program Files\Ultimate Systems\MP3TI\TSAdBot.exe -> Adware.TimeSink : Cleaned with backup (quarantined). :mozilla.130:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.131:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.135:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.56:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.57:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.58:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.59:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.227:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.231:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.285:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.177:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). :mozilla.178:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). :mozilla.65:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). :mozilla.66:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). :mozilla.139:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.140:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.141:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.83:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.84:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.85:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.86:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.87:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.88:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.89:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.79:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). :mozilla.99:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). :mozilla.42:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). :mozilla.55:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). :mozilla.256:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.258:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.259:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.192:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined). :mozilla.231:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined). :mozilla.232:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined). :mozilla.233:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined). :mozilla.75:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined). :mozilla.76:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined). :mozilla.77:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined). :mozilla.244:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined). :mozilla.41:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). :mozilla.6:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). :mozilla.9:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). :mozilla.101:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.142:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined). :mozilla.28:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined). :mozilla.272:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.273:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.274:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.275:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.276:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.42:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.43:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.44:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.45:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.159:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.257:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.124:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.173:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.208:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.261:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.209:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.210:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.213:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.214:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.100:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). :mozilla.101:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). :mozilla.104:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). :mozilla.31:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined). :mozilla.32:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined). :mozilla.43:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.47:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.48:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.49:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.50:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.23:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.24:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.25:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.44:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.45:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.46:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.278:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.116:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.118:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.119:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.120:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.120:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.122:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.222:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). :mozilla.260:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). :mozilla.136:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.137:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.282:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.293:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.10:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). :mozilla.11:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). :mozilla.12:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). :mozilla.13:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). :mozilla.92:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). :mozilla.25:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.26:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.27:C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\Utilisateur par défaut\fkaye4l8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). ::Report end Logfile of HijackThis v1.99.1 Scan saved at 17:06:07, on 18/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\cleanmgr.exe C:\WINDOWS\explorer.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\BEN\LOCALS~1\Temp\Rar$EX00.033\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03 O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [urojhsibtw] c:\windows\system32\urojhsibtw.exe urojhsibtw O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe rapport diaghelp: C:\WINDOWS\System32\vsconfig.xml -->18/09/2006 16:32:16 C:\WINDOWS\System32\wpa.dbl -->10/09/2006 04:54:44 C:\WINDOWS\System32\swreg.exe -->29/08/2006 19:43:54 C:\WINDOWS\System32\FNTCACHE.DAT -->24/08/2006 13:03:08 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 20:24:02 C:\WINDOWS\System32\rmoc3260.dll -->05/05/2006 19:08:24 C:\WINDOWS\System32\pndx5032.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pndx5016.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pncrt.dll -->05/05/2006 19:08:00 C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12 C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08 C:\WINDOWS\System32\SrchSTS.exe -->27/04/2006 17:49:30 C:\WINDOWS\System32\affv9869p2now.sys -->20/04/2006 18:54:10 C:\WINDOWS\System32\sirenacm.dll -->25/01/2006 05:34:24 C:\WINDOWS\System32\DKRNL.JAX -->10/01/2006 20:31:46 C:\WINDOWS\System32\swsc.exe -->09/01/2006 10:36:06 C:\WINDOWS\System32\amcompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\System32\nscompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\System32\javaws.exe -->10/11/2005 13:03:54 C:\WINDOWS\System32\jpicpl32.cpl -->10/11/2005 13:03:50 C:\WINDOWS\System32\javaw.exe -->10/11/2005 11:27:16 C:\WINDOWS\System32\java.exe -->10/11/2005 11:27:06 C:\WINDOWS\System32\perfh00C.dat -->19/09/2005 21:37:02 C:\WINDOWS\System32\perfc00C.dat -->19/09/2005 21:37:02 C:\WINDOWS\System32\perfh009.dat -->19/09/2005 21:37:02 C:\WINDOWS\ntbtlog.txt -->18/09/2006 17:29:32 C:\WINDOWS\setupact.log -->18/09/2006 16:57:32 C:\WINDOWS\bootstat.dat -->18/09/2006 16:36:52 C:\WINDOWS\wiadebug.log -->18/09/2006 16:35:44 C:\WINDOWS\wiaservc.log -->18/09/2006 16:35:44 C:\WINDOWS\0.log -->18/09/2006 16:29:24 C:\WINDOWS\setupapi.log -->18/09/2006 01:19:08 C:\WINDOWS\setuperr.log -->17/09/2006 23:22:42 C:\WINDOWS\SYSTEM.INI -->16/09/2006 12:04:38 C:\WINDOWS\win.ini -->16/09/2006 12:04:38 C:\WINDOWS\SchedLgU.Txt -->14/09/2006 16:12:36 C:\WINDOWS\NeroDigital.ini -->14/09/2006 13:20:52 C:\WINDOWS\QTFont.for -->12/09/2006 19:17:54 C:\WINDOWS\QTFont.qfn -->12/09/2006 19:17:54 C:\WINDOWS\mozver.dat -->24/08/2006 01:04:36 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\trackerpod_server.exe |03/10/2005 21:43:35 C:\WINDOWS\vsnpstd.exe |08/10/2005 16:01:15 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\MTITSunst.exe |01/06/2005 19:12:17 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\getnode.dll |15/04/2003 10:05:20 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\ltmm_n.dll |23/06/2005 19:29:39 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\rsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\vsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\dsnpstd.dll |08/10/2005 16:01:15 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\csnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\SrchSTS.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\system32 30/08/2002 13:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 16 151 265 280 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\system32 12/04/2003 09:54 1 323 008 dmcpl.exe 1 fichier(s) 1 323 008 octets 0 Rép(s) 16 151 265 280 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\Downloaded Program Files 15/04/2003 09:00 <REP> . 15/04/2003 09:00 <REP> .. 15/04/2003 09:00 65 desktop.ini 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 23/05/2005 13:41 495 LegitCheckControl.inf 30/12/2004 11:29 267 328 fpu.ocx 30/12/2004 11:29 3 071 fpu.inf 27/03/2006 13:00 5 019 swflash.inf 31/10/2001 10:37 118 uninst.bat 12/07/2000 02:02 36 864 fxfileop.dll 30/01/2003 16:52 348 160 bitdefender.ocx 21/03/2002 15:26 815 bitdefender.inf 11 fichier(s) 663 794 octets Total des fichiers listés : 11 fichier(s) 663 794 octets 2 Rép(s) 16 151 265 280 octets libres Liste des programmes installes ACDSee for Pentax 2.0 ACE Mega CoDecS Pack Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Premiere Pro Alcohol 120% (Trial Version) Archiveur WinRAR AVG Free Edition Azureus Bluetooth Easy Connect Bluetooth Stack for Windows by Toshiba BSPlayer Canon MP Drivers 7.0 Canon MP Navigator 1.1 Canon ScanGear Starter Canon Utilities Easy-PhotoPrint CCleaner (remove only) CloneDVD Commandes TOSHIBA Console TOSHIBA Correctif Windows XP (SP2) Q810565 e-Carte Bleue Banque Populaire Economie TOSHIBA eMule ewido anti-spyware 4.0 Formatage de carte mémoire SD TOSHIBA Freeplayer FTP Expert 3 Google Earth Guitar Pro 4.0 HijackThis 1.99.1 Hollywood FX GOLD Intel® PRO Ethernet Adapter and Software InterVideo WinDVD 4 J2SE Runtime Environment 5.0 Update 6 Kazaa Lite K++ v2.4.2 Lecteur Windows Media 10 LimeWire PRO 4.12.3 Lyra Jukebox Applications Macromedia Dreamweaver MX Manuels TOSHIBA Microsoft .NET Framework (French) Microsoft .NET Framework (French) v1.0.3705 Microsoft AutoRoute 2002 Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Word 2002 Microsoft Works 7.0 Morpheus 5.2 (remove only) Mozilla (1.7.3) (fr) MP3 Turbo Injector 1.5 MSN Messenger 7.5 Nero OEM NVIDIA Windows 2000/XP Display Drivers OmniPage SE 2.0 OS Pack Works Suite Package du correctif Windows XP [voir Q329048 pour plus de détails] Package du correctif Windows XP [voir q329112 pour plus de détails] Package du correctif Windows XP [voir Q329115 pour plus de détails] Package du correctif Windows XP [voir Q329390 pour plus de détails] PDF Manager 3.00 PerfectAed QuickTime Alternative 1.70 Real Alternative 1.21 RealPlayer Spybot - Search & Destroy 1.3 Steganos Internet Anonym 7.0.9 Sélecteur d'installation de Microsoft Works Suite 2003 Synaptics cPad Synaptics Pointing Device Driver TOSHIBA ConfigFree Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage TOSHIBA MEDIA PLAYER V1.7 TOSHIBA Mobile Extension3 pour Windows XP V3.27.00.XP TOSHIBA Satellite Demo Toshiba screensaver TOSHIBA Software Modem TOSHIBA Utilities Ulead COOL 3D Studio Ulead DVD Workshop Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00 VideoCAM Eye VideoLAN VLC media player 0.8.5 Viewpoint Media Player (Remove Only) WaveL Pic2Pic WebFldrs XP WinAVI VideoConverter Windows Media Format Runtime Windows Media Player 9 Series TweakMP PowerToy Wireless-G Notebook Adapter Wireless Hotkey WMP_do_MP3 version 5.0.1 YAMAHA AC-XG WDM ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Fichiers communs 15/04/2003 08:57 <REP> Windows NT 15/04/2003 08:57 <REP> MSN 15/04/2003 08:58 <REP> MSN Gaming Zone 15/04/2003 08:58 <REP> Messenger 15/04/2003 08:58 <REP> Windows Media Player 15/04/2003 08:58 <REP> Services en ligne 15/04/2003 08:58 <REP> ComPlus Applications 15/04/2003 08:59 <REP> Internet Explorer 15/04/2003 08:59 <REP> Outlook Express 15/04/2003 08:59 <REP> NetMeeting 15/04/2003 08:59 <REP> Movie Maker 15/04/2003 09:03 <REP> microsoft frontpage 15/04/2003 09:03 <REP> xerox 15/04/2003 10:01 <REP> TOSHIBA 15/04/2003 10:40 <REP> Adobe 15/04/2003 10:41 <REP> Synaptics 15/04/2003 10:48 <REP> InterVideo 22/04/2005 11:58 <REP> Linksys 22/04/2005 12:10 <REP> Zone Labs 22/04/2005 12:15 <REP> Grisoft 22/04/2005 12:30 <REP> Netscape 22/04/2005 12:31 <REP> Viewpoint 22/04/2005 12:56 <REP> MSN Messenger 22/04/2005 12:59 <REP> Mozilla Firefox 22/04/2005 14:23 <REP> ACE Mega CoDecS Pack 22/04/2005 14:44 <REP> Webteh 22/04/2005 14:45 <REP> VideoLAN 22/04/2005 14:46 <REP> WinRAR 04/05/2005 21:49 <REP> Kazaa Lite K++ 22/06/2005 20:45 <REP> Ahead 22/06/2006 13:33 <REP> e-Carte Bleue 22/04/2005 15:12 <REP> Nouveau dossier 22/04/2005 15:15 <REP> eMule 22/04/2005 15:20 <REP> Ad-aware 22/04/2005 15:20 <REP> RegCleaner 22/04/2005 15:21 <REP> Spybot - Search & Destroy 22/04/2005 15:22 <REP> Lavasoft 22/04/2005 15:23 <REP> RamBooster 22/04/2005 15:38 <REP> mozilla.org 26/04/2005 15:53 <REP> WaveL Pic2Pic 26/04/2005 16:03 <REP> ACD Systems 03/05/2005 21:48 <REP> PDF Manager 17/05/2005 13:10 <REP> Microsoft Office 23/05/2005 15:33 <REP> Microsoft Works Suite 2003 23/05/2005 15:33 <REP> Microsoft Works 01/06/2005 17:40 <REP> Unrelated Inventions 01/06/2005 18:12 <REP> PerfectAed 23/06/2005 17:48 <REP> directx 01/06/2005 18:04 <REP> Softal 01/06/2005 19:12 <REP> Ultimate Systems 24/06/2005 00:50 <REP> ICOO Loader 23/06/2005 01:48 <REP> Ulead Systems 23/06/2005 17:02 <REP> K-Lite Codec Pack 03/10/2005 21:43 <REP> Eagletron 23/06/2005 18:08 <REP> Free Download Manager 07/08/2005 13:25 <REP> EPSON 20/09/2005 01:18 <REP> Freeplayer 20/09/2005 21:04 <REP> Macromedia 20/04/2006 18:54 <REP> WinAVI VideoConverter 21/09/2005 00:32 <REP> Visicom Media 05/10/2005 17:40 <REP> Microsoft AutoRoute 06/10/2005 20:53 <REP> Xilisoft 08/10/2005 16:01 <REP> VideoCAM Eye 23/12/2005 20:00 <REP> Alcohol Soft 25/12/2005 18:03 <REP> Canon 25/12/2005 18:12 <REP> ScanSoft 10/01/2006 20:06 <REP> Pinnacle 13/02/2006 15:40 <REP> QuickTime 13/02/2006 16:03 <REP> Real 14/02/2006 05:56 <REP> Real Alternative 14/02/2006 05:56 <REP> Media Player Classic 25/03/2006 15:31 <REP> Elaborate Bytes 07/05/2006 20:22 <REP> Java 14/05/2006 19:00 <REP> Yahoo! 20/08/2006 20:21 <REP> Azureus 12/06/2006 12:37 <REP> Thomson 16/06/2006 18:35 <REP> CCleaner 18/05/2006 12:47 <REP> Passware 06/07/2006 19:54 <REP> Google 10/07/2006 18:08 <REP> Guitar Pro 4 18/07/2006 18:36 <REP> QuickTime Alternative 20/08/2006 20:56 <REP> Morpheus 21/08/2006 16:04 <REP> LimeWire 14/09/2006 13:42 <REP> Steganos Internet Anonym 7 14/09/2006 13:42 <REP> Secure Surfing Engine 18/09/2006 12:22 <REP> ewido anti-spyware 4.0 18/09/2006 01:13 <REP> HijackThis 0 fichier(s) 0 octets 90 Rép(s) 16 150 740 992 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files\fichiers communs 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Microsoft Shared 15/04/2003 08:53 <REP> SpeechEngines 15/04/2003 08:53 <REP> ODBC 15/04/2003 08:59 <REP> System 15/04/2003 08:59 <REP> MSSoap 15/04/2003 08:59 <REP> Services 15/04/2003 09:15 <REP> InstallShield 15/04/2003 10:40 <REP> Adobe 22/04/2005 12:30 <REP> mozilla.org 26/04/2005 16:03 <REP> ACD Systems 31/05/2005 03:10 <REP> Designer 22/06/2005 21:57 <REP> Ahead 23/06/2005 01:48 <REP> Ulead Systems 20/09/2005 21:05 <REP> Macromedia 20/09/2005 21:06 <REP> Vbox 08/10/2005 16:01 <REP> VCAMEye 25/12/2005 18:12 <REP> ScanSoft Shared 13/02/2006 16:03 <REP> Real 05/05/2006 19:08 <REP> xing shared 07/05/2006 20:21 <REP> Java 0 fichier(s) 0 octets 22 Rép(s) 16 151 248 896 octets libres c:\Documents and Settings\BEN\Menu Démarrer\Programmes\WinRAR\wrar330fr.exe c:\Documents and Settings\BEN\Mes documents\realalt121.exe c:\Documents and Settings\BEN\Mes documents\WM9Powertoy_TweakMP.EXE c:\Documents and Settings\BEN\Mes documents\XviD-1.0-RC4-05042004.exe c:\Documents and Settings\BEN\Mes documents\AIR FRANCE\crac-nero\cr-nve20.exe c:\Documents and Settings\BEN\Mes documents\BICS\eCarteBleue-Banque-Populaire-2-PC.EXE c:\Documents and Settings\BEN\Mes documents\IMPOTS\jre-1_5_0_06-windows-i586-p-iftw.exe c:\Documents and Settings\BEN\Mes documents\lg 7020\WSC-MA2-SMAF-u\wscma2\wscma2u.exe c:\Documents and Settings\BEN\Mes documents\toschiba\backgrnd.exe c:\Documents and Settings\BEN\Mes documents\toschiba\freedom.exe c:\Documents and Settings\BEN\Mes documents\adrenalynmovies.fre.fr\real player alternative.exe c:\Documents and Settings\BEN\Bureau\ATF-Cleaner.exe c:\Documents and Settings\BEN\Bureau\ewido-setup_4.0.0.172c.exe c:\Documents and Settings\BEN\Bureau\Freeplayer-Win32-20050905.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\download.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\dumphive.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\Process.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\Reboot.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\restart.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\swreg.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\swsc.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix\unzip.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\FilesInfoCmd.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\Fport.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\grep.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\LFiles.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\LISTDLLS.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\pslist.exe c:\Documents and Settings\BEN\Bureau\Nouveau dossier\DiagHelp\diaghelp\streams.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_152a65fa.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_76ce4ba2.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe c:\Documents and Settings\BEN\My Documents\Morpheus Shared\Downloads\LimeWireWin4.12.3.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\BEN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll SmitFraudFix v2.91 Rapport fait à 16:57:27,34, 18/09/2006 Executé à partir de C:\Documents and Settings\BEN\Bureau\Nouveau dossier\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}" »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
voila: (exuse g pas trouvé comment tu voulais que je les poste) C:\WINDOWS\System32\vsconfig.xml -->18/09/2006 02:13:36 C:\WINDOWS\System32\wpa.dbl -->10/09/2006 04:54:44 C:\WINDOWS\System32\urojhsibtw_navps.dat -->02/09/2006 00:39:58 C:\WINDOWS\System32\urojhsibtw.dat -->02/09/2006 00:39:08 C:\WINDOWS\System32\swreg.exe -->29/08/2006 19:43:54 C:\WINDOWS\System32\urojhsibtw_nav.dat -->26/08/2006 01:35:02 C:\WINDOWS\System32\FNTCACHE.DAT -->24/08/2006 13:03:08 C:\WINDOWS\System32\msclock32.dll -->14/05/2006 12:59:46 C:\WINDOWS\System32\mneauwzpfi_navps.dat -->14/05/2006 12:55:42 C:\WINDOWS\System32\mneauwzpfi.dat -->14/05/2006 12:55:16 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 20:24:02 C:\WINDOWS\System32\rmoc3260.dll -->05/05/2006 19:08:24 C:\WINDOWS\System32\pndx5032.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pndx5016.dll -->05/05/2006 19:08:04 C:\WINDOWS\System32\pncrt.dll -->05/05/2006 19:08:00 C:\WINDOWS\System32\mneauwzpfi_nav.dat -->05/05/2006 15:03:32 C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12 C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08 C:\WINDOWS\System32\SrchSTS.exe -->27/04/2006 17:49:30 C:\WINDOWS\System32\affv9869p2now.sys -->20/04/2006 18:54:10 C:\WINDOWS\System32\bsrjqzctfx.exe -->23/02/2006 12:03:40 C:\WINDOWS\System32\sirenacm.dll -->25/01/2006 05:34:24 C:\WINDOWS\System32\DKRNL.JAX -->10/01/2006 20:31:46 C:\WINDOWS\System32\swsc.exe -->09/01/2006 10:36:06 C:\WINDOWS\System32\amcompat.tlb -->18/12/2005 18:28:06 C:\WINDOWS\wiadebug.log -->18/09/2006 02:11:16 C:\WINDOWS\0.log -->18/09/2006 02:11:04 C:\WINDOWS\bootstat.dat -->18/09/2006 02:10:50 C:\WINDOWS\wiaservc.log -->18/09/2006 02:09:52 C:\WINDOWS\setupapi.log -->18/09/2006 01:19:08 C:\WINDOWS\ntbtlog.txt -->18/09/2006 01:02:36 C:\WINDOWS\setuperr.log -->17/09/2006 23:22:42 C:\WINDOWS\setupact.log -->17/09/2006 23:22:42 C:\WINDOWS\SYSTEM.INI -->16/09/2006 12:04:38 C:\WINDOWS\win.ini -->16/09/2006 12:04:38 C:\WINDOWS\SchedLgU.Txt -->14/09/2006 16:12:36 C:\WINDOWS\NeroDigital.ini -->14/09/2006 13:20:52 C:\WINDOWS\QTFont.for -->12/09/2006 19:17:54 C:\WINDOWS\QTFont.qfn -->12/09/2006 19:17:54 C:\WINDOWS\mozver.dat -->24/08/2006 01:04:36 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\trackerpod_server.exe |03/10/2005 21:43:35 C:\WINDOWS\vsnpstd.exe |08/10/2005 16:01:15 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\MTITSunst.exe |01/06/2005 19:12:17 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\bsrjqzctfx.exe |23/02/2006 12:03:38 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\getnode.dll |15/04/2003 10:05:20 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\ltmm_n.dll |23/06/2005 19:29:39 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\rsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\vsnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\dsnpstd.dll |08/10/2005 16:01:15 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\csnpstd.dll |08/10/2005 16:01:16 C:\WINDOWS\system32\msclock32.dll |22/02/2006 23:58:44 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18 C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35 C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00 C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27 C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20 C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27 C:\WINDOWS\system32\bsrjqzctfx.exe |23/02/2006 12:03:38 C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\SrchSTS.exe |18/09/2006 01:48:37 C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20 C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52 C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26 C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58 C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32 C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34 C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00 C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04 C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27 C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33 C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54 C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30 C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44 C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40 C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30 C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25 C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46 C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50 C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52 C:\WINDOWS\system32\msclock32.dll |22/02/2006 23:58:44 C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32 C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25 C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\system32 30/08/2002 13:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 16 270 999 552 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\system32 12/04/2003 09:54 1 323 008 dmcpl.exe 1 fichier(s) 1 323 008 octets 0 Rép(s) 16 270 999 552 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\WINDOWS\Downloaded Program Files 15/04/2003 09:00 <REP> . 15/04/2003 09:00 <REP> .. 15/04/2003 09:00 65 desktop.ini 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 23/05/2005 13:41 495 LegitCheckControl.inf 30/12/2004 11:29 267 328 fpu.ocx 30/12/2004 11:29 3 071 fpu.inf 27/03/2006 13:00 5 019 swflash.inf 31/10/2001 10:37 118 uninst.bat 12/07/2000 02:02 36 864 fxfileop.dll 30/01/2003 16:52 348 160 bitdefender.ocx 21/03/2002 15:26 815 bitdefender.inf 11 fichier(s) 663 794 octets Total des fichiers listés : 11 fichier(s) 663 794 octets 2 Rép(s) 16 270 999 552 octets libres Liste des programmes installes ACDSee for Pentax 2.0 ACE Mega CoDecS Pack Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Premiere Pro Alcohol 120% (Trial Version) Archiveur WinRAR AVG Free Edition Azureus Bluetooth Easy Connect Bluetooth Stack for Windows by Toshiba BSPlayer Canon MP Drivers 7.0 Canon MP Navigator 1.1 Canon ScanGear Starter Canon Utilities Easy-PhotoPrint CCleaner (remove only) CloneDVD Commandes TOSHIBA Console TOSHIBA Correctif Windows XP (SP2) Q810565 e-Carte Bleue Banque Populaire Economie TOSHIBA eMule Formatage de carte mémoire SD TOSHIBA Freeplayer FTP Expert 3 Google Earth Guitar Pro 4.0 HijackThis 1.99.1 Hollywood FX GOLD IntCodec 6.0 Intel® PRO Ethernet Adapter and Software Internet Explorer Security Plugin 2006 Internet Security Add-On InterVideo WinDVD 4 J2SE Runtime Environment 5.0 Update 6 Kazaa Lite K++ v2.4.2 Lecteur Windows Media 10 LimeWire PRO 4.12.3 Lyra Jukebox Applications Macromedia Dreamweaver MX Manuels TOSHIBA Microsoft .NET Framework (French) Microsoft .NET Framework (French) v1.0.3705 Microsoft AutoRoute 2002 Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Word 2002 Microsoft Works 7.0 Morpheus 5.2 (remove only) Mozilla (1.7.3) (fr) MP3 Turbo Injector 1.5 MSN Messenger 7.5 Nero OEM NVIDIA Windows 2000/XP Display Drivers OmniPage SE 2.0 OS Pack Works Suite Package du correctif Windows XP [voir Q329048 pour plus de détails] Package du correctif Windows XP [voir q329112 pour plus de détails] Package du correctif Windows XP [voir Q329115 pour plus de détails] Package du correctif Windows XP [voir Q329390 pour plus de détails] PDF Manager 3.00 PerfectAed Public Messenger ver 2.03 QuickTime Alternative 1.70 Real Alternative 1.21 RealPlayer Spybot - Search & Destroy 1.3 Steganos Internet Anonym 7.0.9 Sélecteur d'installation de Microsoft Works Suite 2003 Synaptics cPad Synaptics Pointing Device Driver TOSHIBA ConfigFree Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage TOSHIBA MEDIA PLAYER V1.7 TOSHIBA Mobile Extension3 pour Windows XP V3.27.00.XP TOSHIBA Satellite Demo Toshiba screensaver TOSHIBA Software Modem TOSHIBA Utilities Ulead COOL 3D Studio Ulead DVD Workshop Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00 VideoCAM Eye VideoLAN VLC media player 0.8.5 Viewpoint Media Player (Remove Only) WaveL Pic2Pic WebFldrs XP WinAVI VideoConverter Windows Media Format Runtime Windows Media Player 9 Series TweakMP PowerToy Wireless-G Notebook Adapter Wireless Hotkey WMP_do_MP3 version 5.0.1 Yahoo! Toolbar Yahoo! Toolbar YAMAHA AC-XG WDM ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Fichiers communs 15/04/2003 08:57 <REP> Windows NT 15/04/2003 08:57 <REP> MSN 15/04/2003 08:58 <REP> MSN Gaming Zone 15/04/2003 08:58 <REP> Messenger 15/04/2003 08:58 <REP> Windows Media Player 15/04/2003 08:58 <REP> Services en ligne 15/04/2003 08:58 <REP> ComPlus Applications 15/04/2003 08:59 <REP> Internet Explorer 15/04/2003 08:59 <REP> Outlook Express 15/04/2003 08:59 <REP> NetMeeting 15/04/2003 08:59 <REP> Movie Maker 15/04/2003 09:03 <REP> microsoft frontpage 15/04/2003 09:03 <REP> xerox 15/04/2003 10:01 <REP> TOSHIBA 15/04/2003 10:40 <REP> Adobe 15/04/2003 10:41 <REP> Synaptics 15/04/2003 10:48 <REP> InterVideo 22/04/2005 11:58 <REP> Linksys 22/04/2005 12:10 <REP> Zone Labs 22/04/2005 12:15 <REP> Grisoft 22/04/2005 12:30 <REP> Netscape 22/04/2005 12:31 <REP> Viewpoint 22/04/2005 12:56 <REP> MSN Messenger 22/04/2005 12:59 <REP> Mozilla Firefox 22/04/2005 14:23 <REP> ACE Mega CoDecS Pack 22/04/2005 14:44 <REP> Webteh 22/04/2005 14:45 <REP> VideoLAN 22/04/2005 14:46 <REP> WinRAR 04/05/2005 21:49 <REP> Kazaa Lite K++ 22/06/2005 20:45 <REP> Ahead 22/06/2006 13:33 <REP> e-Carte Bleue 22/04/2005 15:12 <REP> Nouveau dossier 22/04/2005 15:15 <REP> eMule 22/04/2005 15:20 <REP> Ad-aware 22/04/2005 15:20 <REP> RegCleaner 22/04/2005 15:21 <REP> Spybot - Search & Destroy 22/04/2005 15:22 <REP> Lavasoft 22/04/2005 15:23 <REP> RamBooster 22/04/2005 15:38 <REP> mozilla.org 26/04/2005 15:53 <REP> WaveL Pic2Pic 26/04/2005 16:03 <REP> ACD Systems 03/05/2005 21:48 <REP> PDF Manager 17/05/2005 13:10 <REP> Microsoft Office 23/05/2005 15:33 <REP> Microsoft Works Suite 2003 23/05/2005 15:33 <REP> Microsoft Works 01/06/2005 17:40 <REP> Unrelated Inventions 01/06/2005 18:12 <REP> PerfectAed 23/06/2005 17:48 <REP> directx 01/06/2005 18:04 <REP> Softal 01/06/2005 19:12 <REP> Ultimate Systems 24/06/2005 00:50 <REP> ICOO Loader 23/06/2005 01:48 <REP> Ulead Systems 23/06/2005 17:02 <REP> K-Lite Codec Pack 03/10/2005 21:43 <REP> Eagletron 23/06/2005 18:08 <REP> Free Download Manager 07/08/2005 13:25 <REP> EPSON 20/09/2005 01:18 <REP> Freeplayer 20/09/2005 21:04 <REP> Macromedia 07/08/2005 14:47 <REP> YourSiteBar 20/04/2006 18:54 <REP> WinAVI VideoConverter 21/09/2005 00:32 <REP> Visicom Media 05/10/2005 17:40 <REP> Microsoft AutoRoute 06/10/2005 20:53 <REP> Xilisoft 08/10/2005 16:01 <REP> VideoCAM Eye 23/12/2005 20:00 <REP> Alcohol Soft 25/12/2005 18:03 <REP> Canon 25/12/2005 18:12 <REP> ScanSoft 10/01/2006 20:06 <REP> Pinnacle 13/02/2006 15:40 <REP> QuickTime 13/02/2006 16:03 <REP> Real 14/02/2006 05:56 <REP> Real Alternative 14/02/2006 05:56 <REP> Media Player Classic 23/02/2006 12:02 <REP> mailskinner 25/03/2006 15:31 <REP> Elaborate Bytes 07/05/2006 20:22 <REP> Java 14/05/2006 19:00 <REP> Yahoo! 20/08/2006 20:21 <REP> Azureus 12/06/2006 12:37 <REP> Thomson 16/06/2006 18:35 <REP> CCleaner 18/05/2006 12:47 <REP> Passware 06/07/2006 19:54 <REP> Google 10/07/2006 18:08 <REP> Guitar Pro 4 18/07/2006 18:36 <REP> QuickTime Alternative 20/08/2006 20:56 <REP> Morpheus 21/08/2006 16:04 <REP> LimeWire 14/09/2006 13:42 <REP> Steganos Internet Anonym 7 14/09/2006 13:42 <REP> Secure Surfing Engine 18/09/2006 01:13 <REP> HijackThis 0 fichier(s) 0 octets 91 Rép(s) 16 270 442 496 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 116C-0FDF Répertoire de C:\Program Files\fichiers communs 15/04/2003 08:53 <REP> . 15/04/2003 08:53 <REP> .. 15/04/2003 08:53 <REP> Microsoft Shared 15/04/2003 08:53 <REP> SpeechEngines 15/04/2003 08:53 <REP> ODBC 15/04/2003 08:59 <REP> System 15/04/2003 08:59 <REP> MSSoap 15/04/2003 08:59 <REP> Services 15/04/2003 09:15 <REP> InstallShield 15/04/2003 10:40 <REP> Adobe 22/04/2005 12:30 <REP> mozilla.org 26/04/2005 16:03 <REP> ACD Systems 31/05/2005 03:10 <REP> Designer 22/06/2005 21:57 <REP> Ahead 23/06/2005 01:48 <REP> Ulead Systems 20/09/2005 21:05 <REP> Macromedia 20/09/2005 21:06 <REP> Vbox 08/10/2005 16:01 <REP> VCAMEye 25/12/2005 18:12 <REP> ScanSoft Shared 13/02/2006 16:03 <REP> Real 05/05/2006 19:08 <REP> xing shared 07/05/2006 20:21 <REP> Java 0 fichier(s) 0 octets 22 Rép(s) 16 270 950 400 octets libres c:\Documents and Settings\BEN\Menu Démarrer\Programmes\WinRAR\wrar330fr.exe c:\Documents and Settings\BEN\Mes documents\realalt121.exe c:\Documents and Settings\BEN\Mes documents\WM9Powertoy_TweakMP.EXE c:\Documents and Settings\BEN\Mes documents\XviD-1.0-RC4-05042004.exe c:\Documents and Settings\BEN\Mes documents\AIR FRANCE\crac-nero\cr-nve20.exe c:\Documents and Settings\BEN\Mes documents\BICS\eCarteBleue-Banque-Populaire-2-PC.EXE c:\Documents and Settings\BEN\Mes documents\IMPOTS\jre-1_5_0_06-windows-i586-p-iftw.exe c:\Documents and Settings\BEN\Mes documents\lg 7020\WSC-MA2-SMAF-u\wscma2\wscma2u.exe c:\Documents and Settings\BEN\Mes documents\toschiba\backgrnd.exe c:\Documents and Settings\BEN\Mes documents\toschiba\freedom.exe c:\Documents and Settings\BEN\Mes documents\adrenalynmovies.fre.fr\real player alternative.exe c:\Documents and Settings\BEN\Bureau\Freeplayer-Win32-20050905.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\FilesInfoCmd.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\Fport.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\grep.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\LFiles.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\LISTDLLS.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\pslist.exe c:\Documents and Settings\BEN\Bureau\DiagHelp\diaghelp\streams.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\download.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\dumphive.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\Process.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\restart.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe c:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix\unzip.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_152a65fa.exe c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_76ce4ba2.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe c:\Documents and Settings\BEN\My Documents\Morpheus Shared\Downloads\LimeWireWin4.12.3.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\BEN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
Nouveau raport: Logfile of HijackThis v1.99.1 Scan saved at 01:57:22, on 18/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\System32\TPWRTRAY.EXE C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\WINDOWS\System32\TDispVol.exe C:\WINDOWS\System32\TFNF5.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HijackThis\binouse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing) O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing) O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03 O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [urojhsibtw] c:\windows\system32\urojhsibtw.exe urojhsibtw O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\System32\viruxz.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
raport de : SmitFraudFix v2.91 Rapport fait à 1:49:09,83, 18/09/2006 Executé à partir de C:\Documents and Settings\BEN\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BEN\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BEN\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Analyse rapports HijackThis
binouse a répondu à un(e) sujet de binouse dans Analyses et éradication malwares
Mes problemes sont le ralentissement des connexions internet (sympthome d'un virus "Win32.Crypt.exe " , mais aparamant plus présent sur mon pc depuis peut) et le nonfonctionnement des restauration du system (mais maintenant je n'ai plus de point de restauration suite à 1 désactivation de la restauration et redémarage je pense) Merci -
Bonjour, suite à la procedure sur: http://forum.zebulon.fr/index.php?showtopic=83986 je vous poste le rapport . merci de me donner la réponce de votre analyse Logfile of HijackThis v1.99.1 Scan saved at 01:14:38, on 18/09/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\System32\TPWRTRAY.EXE C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\WINDOWS\System32\TDispVol.exe C:\WINDOWS\System32\TFNF5.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\BEN\LOCALS~1\Temp\Rar$EX12.834\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing) O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing) O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03 O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [urojhsibtw] c:\windows\system32\urojhsibtw.exe urojhsibtw O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\System32\viruxz.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe