Analyse rapports HijackThis

[binouse]

voila c fé!

[Thanos]

salut

 

Beau travail encore un peu de nettoyage => est ce que tu as bien fixé toutes les lignes dans hijackthis? il en reste une!=>

 

* Démarre Hijackthis"Do a system scan only", et coche les lignes suivantes :

O4 - HKLM\..\Run: [urojhsibtw] c:\windows\system32\urojhsibtw.exe urojhsibtw

-Ferme tous les programmes et clique sur "Fix Checked"

 

*Supprime le fichier en gras dans C:\WINDOWS\System32:

 

C:\WINDOWS\System32\dmcpl.exe

 

* Double-clique surATF-Cleaner.exe afin de lancer le programme.

Pour internet explorer

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected

 

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

ouvre Firefox=>menu Outils=>Options=> Vie Privée=> Cookies=>clique sur le bouton "Supprimer les cookies".

 

Fais un scan en ligne avec Panda :

http://www.pandasoftware.fr/Activescan/Activescan.html .

Et poste le rapport qu'il t'affichera à la fin, pour cela, assure toi que IE est correctement configuré pour le scan en ligne comme indiqué ici : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .

Si tu n'y arrives pas, le tuto est : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

 

Tu n'es pas obligé de donner ton email, tu peux utiliser une adresse jetable si tu le souhaites : http://www.jetable.org/fr/index

 

Reposte stp :

 

-un nouveau rapport hijackthis .

-le rapport de Panda

- un nouveau rapport DiagHelp.

 

on est dans la bonne voie

Modifié le 18 septembre 2006 par charles ingals

[binouse]

Logfile of HijackThis v1.99.1

Scan saved at 13:45:15, on 19/09/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\BEN\LOCALS~1\Temp\Rar$EX00.064\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

 

 

rappot diaghelp:

C:\WINDOWS\System32\Uninstall.ico -->19/09/2006 14:07:46

C:\WINDOWS\System32\Help.ico -->19/09/2006 14:07:46

C:\WINDOWS\System32\pavas.ico -->19/09/2006 14:07:46

C:\WINDOWS\System32\vsconfig.xml -->19/09/2006 14:01:04

C:\WINDOWS\System32\wpa.dbl -->10/09/2006 04:54:44

C:\WINDOWS\System32\swreg.exe -->29/08/2006 19:43:54

C:\WINDOWS\System32\FNTCACHE.DAT -->24/08/2006 13:03:08

C:\WINDOWS\System32\asuninst.exe -->02/08/2006 12:39:06

C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 20:24:02

C:\WINDOWS\System32\rmoc3260.dll -->05/05/2006 19:08:24

C:\WINDOWS\System32\pndx5032.dll -->05/05/2006 19:08:04

C:\WINDOWS\System32\pndx5016.dll -->05/05/2006 19:08:04

C:\WINDOWS\System32\pncrt.dll -->05/05/2006 19:08:00

C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12

C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08

C:\WINDOWS\System32\SrchSTS.exe -->27/04/2006 17:49:30

C:\WINDOWS\System32\affv9869p2now.sys -->20/04/2006 18:54:10

C:\WINDOWS\System32\sirenacm.dll -->25/01/2006 05:34:24

C:\WINDOWS\System32\DKRNL.JAX -->10/01/2006 20:31:46

C:\WINDOWS\System32\swsc.exe -->09/01/2006 10:36:06

C:\WINDOWS\System32\amcompat.tlb -->18/12/2005 18:28:06

C:\WINDOWS\System32\nscompat.tlb -->18/12/2005 18:28:06

C:\WINDOWS\System32\javaws.exe -->10/11/2005 13:03:54

C:\WINDOWS\System32\jpicpl32.cpl -->10/11/2005 13:03:50

C:\WINDOWS\System32\javaw.exe -->10/11/2005 11:27:16

 

C:\WINDOWS\setupapi.log -->19/09/2006 14:08:36

C:\WINDOWS\wiadebug.log -->19/09/2006 13:58:26

C:\WINDOWS\0.log -->19/09/2006 13:58:14

C:\WINDOWS\bootstat.dat -->19/09/2006 13:58:02

C:\WINDOWS\ntbtlog.txt -->19/09/2006 13:57:08

C:\WINDOWS\wiaservc.log -->19/09/2006 13:39:56

C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt -->18/09/2006 19:39:48

C:\WINDOWS\setupact.log -->18/09/2006 16:57:32

C:\WINDOWS\setuperr.log -->17/09/2006 23:22:42

C:\WINDOWS\SYSTEM.INI -->16/09/2006 12:04:38

C:\WINDOWS\win.ini -->16/09/2006 12:04:38

C:\WINDOWS\SchedLgU.Txt -->14/09/2006 16:12:36

C:\WINDOWS\NeroDigital.ini -->14/09/2006 13:20:52

C:\WINDOWS\QTFont.for -->12/09/2006 19:17:54

C:\WINDOWS\QTFont.qfn -->12/09/2006 19:17:54

 

C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18

C:\WINDOWS\trackerpod_server.exe |03/10/2005 21:43:35

C:\WINDOWS\vsnpstd.exe |08/10/2005 16:01:15

C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35

C:\WINDOWS\MTITSunst.exe |01/06/2005 19:12:17

C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34

C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27

C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20

C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27

C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37

C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20

C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52

C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26

C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58

C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16

C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34

C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04

C:\WINDOWS\system32\getnode.dll |15/04/2003 10:05:20

C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27

C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33

C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54

C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30

C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44

C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40

C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30

C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25

C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46

C:\WINDOWS\system32\ltmm_n.dll |23/06/2005 19:29:39

C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50

C:\WINDOWS\system32\rsnpstd.dll |08/10/2005 16:01:16

C:\WINDOWS\system32\vsnpstd.dll |08/10/2005 16:01:16

C:\WINDOWS\system32\dsnpstd.dll |08/10/2005 16:01:15

C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52

C:\WINDOWS\system32\csnpstd.dll |08/10/2005 16:01:16

C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32

C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30

C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25

C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18

C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35

C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27

C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20

C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27

C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37

C:\WINDOWS\system32\SrchSTS.exe |18/09/2006 01:48:37

C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20

C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52

C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26

C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58

C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34

C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04

C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27

C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33

C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54

C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30

C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44

C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40

C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30

C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25

C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46

C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50

C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52

C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32

C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30

C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\WINDOWS\system32

 

30/08/2002 13:00 4 096 csrss.exe

1 fichier(s) 4 096 octets

0 Rép(s) 16 096 804 864 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

15/04/2003 09:00 <REP> .

15/04/2003 09:00 <REP> ..

15/04/2003 09:00 65 desktop.ini

20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd

14/10/1997 18:52 697 DirectAnimation Java Classes.osd

23/05/2005 13:41 495 LegitCheckControl.inf

30/12/2004 11:29 267 328 fpu.ocx

30/12/2004 11:29 3 071 fpu.inf

27/03/2006 13:00 5 019 swflash.inf

31/10/2001 10:37 118 uninst.bat

12/07/2000 02:02 36 864 fxfileop.dll

30/01/2003 16:52 348 160 bitdefender.ocx

21/03/2002 15:26 815 bitdefender.inf

02/09/2005 16:41 135 168 asinst.dll

02/09/2005 14:50 525 asinst.inf

13 fichier(s) 799 487 octets

 

Total des fichiers listés :

13 fichier(s) 799 487 octets

2 Rép(s) 16 096 804 864 octets libres

 

Liste des programmes installes

 

ACDSee for Pentax 2.0

ACE Mega CoDecS Pack

Ad-aware 6 Personal

Adobe Acrobat 5.0

Adobe Premiere Pro

Alcohol 120% (Trial Version)

Archiveur WinRAR

AVG Free Edition

Azureus

Bluetooth Easy Connect

Bluetooth Stack for Windows by Toshiba

BSPlayer

Canon MP Drivers 7.0

Canon MP Navigator 1.1

Canon ScanGear Starter

Canon Utilities Easy-PhotoPrint

CCleaner (remove only)

CloneDVD

Commandes TOSHIBA

Console TOSHIBA

Correctif Windows XP (SP2) Q810565

e-Carte Bleue Banque Populaire

Economie TOSHIBA

eMule

ewido anti-spyware 4.0

Formatage de carte mémoire SD TOSHIBA

Freeplayer

FTP Expert 3

Google Earth

Guitar Pro 4.0

HijackThis 1.99.1

Hollywood FX GOLD

Intel® PRO Ethernet Adapter and Software

InterVideo WinDVD 4

J2SE Runtime Environment 5.0 Update 6

Kazaa Lite K++ v2.4.2

Lecteur Windows Media 10

LimeWire PRO 4.12.3

Lyra Jukebox Applications

Macromedia Dreamweaver MX

Manuels TOSHIBA

Microsoft .NET Framework (French)

Microsoft .NET Framework (French) v1.0.3705

Microsoft AutoRoute 2002

Microsoft Office Excel Viewer 2003

Microsoft Office PowerPoint Viewer 2003

Microsoft Word 2002

Microsoft Works 7.0

Morpheus 5.2 (remove only)

Mozilla (1.7.3) (fr)

MP3 Turbo Injector 1.5

MSN Messenger 7.5

Nero OEM

NVIDIA Windows 2000/XP Display Drivers

OmniPage SE 2.0

OS Pack Works Suite

Package du correctif Windows XP [voir Q329048 pour plus de détails]

Package du correctif Windows XP [voir q329112 pour plus de détails]

Package du correctif Windows XP [voir Q329115 pour plus de détails]

Package du correctif Windows XP [voir Q329390 pour plus de détails]

PDF Manager 3.00

PerfectAed

QuickTime Alternative 1.70

Real Alternative 1.21

RealPlayer

Spybot - Search & Destroy 1.3

Steganos Internet Anonym 7.0.9

Sélecteur d'installation de Microsoft Works Suite 2003

Synaptics cPad

Synaptics Pointing Device Driver

TOSHIBA ConfigFree

Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage

TOSHIBA MEDIA PLAYER V1.7

TOSHIBA Mobile Extension3 pour Windows XP V3.27.00.XP

TOSHIBA Satellite Demo

Toshiba screensaver

TOSHIBA Software Modem

TOSHIBA Utilities

Ulead COOL 3D Studio

Ulead DVD Workshop

Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00

VideoCAM Eye

VideoLAN VLC media player 0.8.5

Viewpoint Media Player (Remove Only)

WaveL Pic2Pic

WebFldrs XP

WinAVI VideoConverter

Windows Media Format Runtime

Windows Media Player 9 Series TweakMP PowerToy

Wireless-G Notebook Adapter

Wireless Hotkey

WMP_do_MP3 version 5.0.1

YAMAHA AC-XG WDM

ZoneAlarm

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\Program Files

 

15/04/2003 08:53 <REP> .

15/04/2003 08:53 <REP> ..

15/04/2003 08:53 <REP> Fichiers communs

15/04/2003 08:57 <REP> Windows NT

15/04/2003 08:57 <REP> MSN

15/04/2003 08:58 <REP> MSN Gaming Zone

15/04/2003 08:58 <REP> Messenger

15/04/2003 08:58 <REP> Windows Media Player

15/04/2003 08:58 <REP> Services en ligne

15/04/2003 08:58 <REP> ComPlus Applications

15/04/2003 08:59 <REP> Internet Explorer

15/04/2003 08:59 <REP> Outlook Express

15/04/2003 08:59 <REP> NetMeeting

15/04/2003 08:59 <REP> Movie Maker

15/04/2003 09:03 <REP> microsoft frontpage

15/04/2003 09:03 <REP> xerox

15/04/2003 10:01 <REP> TOSHIBA

15/04/2003 10:40 <REP> Adobe

15/04/2003 10:41 <REP> Synaptics

15/04/2003 10:48 <REP> InterVideo

22/04/2005 11:58 <REP> Linksys

22/04/2005 12:10 <REP> Zone Labs

22/04/2005 12:15 <REP> Grisoft

22/04/2005 12:30 <REP> Netscape

22/04/2005 12:31 <REP> Viewpoint

22/04/2005 12:56 <REP> MSN Messenger

22/04/2005 12:59 <REP> Mozilla Firefox

22/04/2005 14:23 <REP> ACE Mega CoDecS Pack

22/04/2005 14:44 <REP> Webteh

22/04/2005 14:45 <REP> VideoLAN

22/04/2005 14:46 <REP> WinRAR

04/05/2005 21:49 <REP> Kazaa Lite K++

22/06/2005 20:45 <REP> Ahead

22/06/2006 13:33 <REP> e-Carte Bleue

22/04/2005 15:12 <REP> Nouveau dossier

22/04/2005 15:15 <REP> eMule

22/04/2005 15:20 <REP> Ad-aware

22/04/2005 15:20 <REP> RegCleaner

22/04/2005 15:21 <REP> Spybot - Search & Destroy

22/04/2005 15:22 <REP> Lavasoft

22/04/2005 15:23 <REP> RamBooster

22/04/2005 15:38 <REP> mozilla.org

26/04/2005 15:53 <REP> WaveL Pic2Pic

26/04/2005 16:03 <REP> ACD Systems

03/05/2005 21:48 <REP> PDF Manager

17/05/2005 13:10 <REP> Microsoft Office

23/05/2005 15:33 <REP> Microsoft Works Suite 2003

23/05/2005 15:33 <REP> Microsoft Works

01/06/2005 17:40 <REP> Unrelated Inventions

01/06/2005 18:12 <REP> PerfectAed

23/06/2005 17:48 <REP> directx

01/06/2005 18:04 <REP> Softal

01/06/2005 19:12 <REP> Ultimate Systems

24/06/2005 00:50 <REP> ICOO Loader

23/06/2005 01:48 <REP> Ulead Systems

23/06/2005 17:02 <REP> K-Lite Codec Pack

03/10/2005 21:43 <REP> Eagletron

23/06/2005 18:08 <REP> Free Download Manager

07/08/2005 13:25 <REP> EPSON

20/09/2005 01:18 <REP> Freeplayer

20/09/2005 21:04 <REP> Macromedia

20/04/2006 18:54 <REP> WinAVI VideoConverter

21/09/2005 00:32 <REP> Visicom Media

05/10/2005 17:40 <REP> Microsoft AutoRoute

06/10/2005 20:53 <REP> Xilisoft

08/10/2005 16:01 <REP> VideoCAM Eye

23/12/2005 20:00 <REP> Alcohol Soft

25/12/2005 18:03 <REP> Canon

25/12/2005 18:12 <REP> ScanSoft

10/01/2006 20:06 <REP> Pinnacle

13/02/2006 15:40 <REP> QuickTime

13/02/2006 16:03 <REP> Real

14/02/2006 05:56 <REP> Real Alternative

14/02/2006 05:56 <REP> Media Player Classic

25/03/2006 15:31 <REP> Elaborate Bytes

07/05/2006 20:22 <REP> Java

14/05/2006 19:00 <REP> Yahoo!

20/08/2006 20:21 <REP> Azureus

12/06/2006 12:37 <REP> Thomson

16/06/2006 18:35 <REP> CCleaner

18/05/2006 12:47 <REP> Passware

06/07/2006 19:54 <REP> Google

10/07/2006 18:08 <REP> Guitar Pro 4

18/07/2006 18:36 <REP> QuickTime Alternative

20/08/2006 20:56 <REP> Morpheus

21/08/2006 16:04 <REP> LimeWire

14/09/2006 13:42 <REP> Steganos Internet Anonym 7

14/09/2006 13:42 <REP> Secure Surfing Engine

18/09/2006 12:22 <REP> ewido anti-spyware 4.0

18/09/2006 01:13 <REP> HijackThis

0 fichier(s) 0 octets

90 Rép(s) 16 096 231 424 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\Program Files\fichiers communs

 

15/04/2003 08:53 <REP> .

15/04/2003 08:53 <REP> ..

15/04/2003 08:53 <REP> Microsoft Shared

15/04/2003 08:53 <REP> SpeechEngines

15/04/2003 08:53 <REP> ODBC

15/04/2003 08:59 <REP> System

15/04/2003 08:59 <REP> MSSoap

15/04/2003 08:59 <REP> Services

15/04/2003 09:15 <REP> InstallShield

15/04/2003 10:40 <REP> Adobe

22/04/2005 12:30 <REP> mozilla.org

26/04/2005 16:03 <REP> ACD Systems

31/05/2005 03:10 <REP> Designer

22/06/2005 21:57 <REP> Ahead

23/06/2005 01:48 <REP> Ulead Systems

20/09/2005 21:05 <REP> Macromedia

20/09/2005 21:06 <REP> Vbox

08/10/2005 16:01 <REP> VCAMEye

25/12/2005 18:12 <REP> ScanSoft Shared

13/02/2006 16:03 <REP> Real

05/05/2006 19:08 <REP> xing shared

07/05/2006 20:21 <REP> Java

0 fichier(s) 0 octets

22 Rép(s) 16 096 739 328 octets libres

c:\Documents and Settings\BEN\Menu Démarrer\Programmes\WinRAR\wrar330fr.exe

c:\Documents and Settings\BEN\Mes documents\realalt121.exe

c:\Documents and Settings\BEN\Mes documents\WM9Powertoy_TweakMP.EXE

c:\Documents and Settings\BEN\Mes documents\XviD-1.0-RC4-05042004.exe

c:\Documents and Settings\BEN\Mes documents\AIR FRANCE\crac-nero\cr-nve20.exe

c:\Documents and Settings\BEN\Mes documents\BICS\eCarteBleue-Banque-Populaire-2-PC.EXE

c:\Documents and Settings\BEN\Mes documents\IMPOTS\jre-1_5_0_06-windows-i586-p-iftw.exe

c:\Documents and Settings\BEN\Mes documents\lg 7020\WSC-MA2-SMAF-u\wscma2\wscma2u.exe

c:\Documents and Settings\BEN\Mes documents\toschiba\backgrnd.exe

c:\Documents and Settings\BEN\Mes documents\toschiba\freedom.exe

c:\Documents and Settings\BEN\Mes documents\adrenalynmovies.fre.fr\real player alternative.exe

c:\Documents and Settings\BEN\Bureau\Freeplayer-Win32-20050905.exe

c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_152a65fa.exe

c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_76ce4ba2.exe

c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe

c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe

c:\Documents and Settings\BEN\My Documents\Morpheus Shared\Downloads\LimeWireWin4.12.3.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\BEN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

 

 

 

Pour l'analyse Panda le chargement des activeX se bloque à la moitier puis plus rien ne se passe donc pas d'analyse, et dans system32 je n'ai pas de fichier en gras mais j'ai suprimé le ficherdmcpl.exe

merci , je fé koi maintenant?

[binouse]

Logfile of HijackThis v1.99.1

Scan saved at 13:45:15, on 19/09/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\BEN\LOCALS~1\Temp\Rar$EX00.064\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\program files\steganos internet anonym 7\sia7iep.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

rapport diaghelp:

C:\WINDOWS\System32\Uninstall.ico -->19/09/2006 14:07:46

C:\WINDOWS\System32\Help.ico -->19/09/2006 14:07:46

C:\WINDOWS\System32\pavas.ico -->19/09/2006 14:07:46

C:\WINDOWS\System32\vsconfig.xml -->19/09/2006 14:01:04

C:\WINDOWS\System32\wpa.dbl -->10/09/2006 04:54:44

C:\WINDOWS\System32\swreg.exe -->29/08/2006 19:43:54

C:\WINDOWS\System32\FNTCACHE.DAT -->24/08/2006 13:03:08

C:\WINDOWS\System32\asuninst.exe -->02/08/2006 12:39:06

C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 20:24:02

C:\WINDOWS\System32\rmoc3260.dll -->05/05/2006 19:08:24

C:\WINDOWS\System32\pndx5032.dll -->05/05/2006 19:08:04

C:\WINDOWS\System32\pndx5016.dll -->05/05/2006 19:08:04

C:\WINDOWS\System32\pncrt.dll -->05/05/2006 19:08:00

C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12

C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08

C:\WINDOWS\System32\SrchSTS.exe -->27/04/2006 17:49:30

C:\WINDOWS\System32\affv9869p2now.sys -->20/04/2006 18:54:10

C:\WINDOWS\System32\sirenacm.dll -->25/01/2006 05:34:24

C:\WINDOWS\System32\DKRNL.JAX -->10/01/2006 20:31:46

C:\WINDOWS\System32\swsc.exe -->09/01/2006 10:36:06

C:\WINDOWS\System32\amcompat.tlb -->18/12/2005 18:28:06

C:\WINDOWS\System32\nscompat.tlb -->18/12/2005 18:28:06

C:\WINDOWS\System32\javaws.exe -->10/11/2005 13:03:54

C:\WINDOWS\System32\jpicpl32.cpl -->10/11/2005 13:03:50

C:\WINDOWS\System32\javaw.exe -->10/11/2005 11:27:16

 

C:\WINDOWS\setupapi.log -->19/09/2006 14:08:36

C:\WINDOWS\wiadebug.log -->19/09/2006 13:58:26

C:\WINDOWS\0.log -->19/09/2006 13:58:14

C:\WINDOWS\bootstat.dat -->19/09/2006 13:58:02

C:\WINDOWS\ntbtlog.txt -->19/09/2006 13:57:08

C:\WINDOWS\wiaservc.log -->19/09/2006 13:39:56

C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt -->18/09/2006 19:39:48

C:\WINDOWS\setupact.log -->18/09/2006 16:57:32

C:\WINDOWS\setuperr.log -->17/09/2006 23:22:42

C:\WINDOWS\SYSTEM.INI -->16/09/2006 12:04:38

C:\WINDOWS\win.ini -->16/09/2006 12:04:38

C:\WINDOWS\SchedLgU.Txt -->14/09/2006 16:12:36

C:\WINDOWS\NeroDigital.ini -->14/09/2006 13:20:52

C:\WINDOWS\QTFont.for -->12/09/2006 19:17:54

C:\WINDOWS\QTFont.qfn -->12/09/2006 19:17:54

 

C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18

C:\WINDOWS\trackerpod_server.exe |03/10/2005 21:43:35

C:\WINDOWS\vsnpstd.exe |08/10/2005 16:01:15

C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35

C:\WINDOWS\MTITSunst.exe |01/06/2005 19:12:17

C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34

C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27

C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20

C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27

C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37

C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20

C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52

C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26

C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58

C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16

C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34

C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04

C:\WINDOWS\system32\getnode.dll |15/04/2003 10:05:20

C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27

C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33

C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54

C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30

C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44

C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40

C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30

C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25

C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46

C:\WINDOWS\system32\ltmm_n.dll |23/06/2005 19:29:39

C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50

C:\WINDOWS\system32\rsnpstd.dll |08/10/2005 16:01:16

C:\WINDOWS\system32\vsnpstd.dll |08/10/2005 16:01:16

C:\WINDOWS\system32\dsnpstd.dll |08/10/2005 16:01:15

C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52

C:\WINDOWS\system32\csnpstd.dll |08/10/2005 16:01:16

C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32

C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30

C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25

C:\WINDOWS\MakeMrk.exe |15/04/2003 10:58:18

C:\WINDOWS\MozillaUninstall.exe |22/04/2005 15:38:35

C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00

C:\WINDOWS\system32\tutildel.exe |15/04/2003 10:07:27

C:\WINDOWS\system32\tcleanup.exe |15/04/2003 10:05:20

C:\WINDOWS\system32\000StTHK.exe |15/04/2003 10:03:27

C:\WINDOWS\system32\swsc.exe |18/09/2006 01:48:37

C:\WINDOWS\system32\SrchSTS.exe |18/09/2006 01:48:37

C:\WINDOWS\system32\hh34.exe |10/08/2004 16:18:20

C:\WINDOWS\system32\hh36.exe |27/06/2001 13:14:52

C:\WINDOWS\system32\hh35.exe |10/08/2004 16:52:26

C:\WINDOWS\system32\hh40.exe |03/12/2000 21:45:58

C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32

C:\WINDOWS\system32\psisdecd.dll |22/06/2005 20:35:34

C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00

C:\WINDOWS\system32\csellang.dll |15/04/2003 10:03:04

C:\WINDOWS\system32\Tdevdsp.dll |15/04/2003 10:03:27

C:\WINDOWS\system32\TDispVol.dll |15/04/2003 10:10:33

C:\WINDOWS\system32\TosBtacc.dll |20/02/2003 21:20:54

C:\WINDOWS\system32\TosCommApi.dll |04/06/2002 09:58:30

C:\WINDOWS\system32\TosHidAPI.dll |01/11/2002 07:57:44

C:\WINDOWS\system32\TBTMonUI.dll |26/02/2003 13:48:40

C:\WINDOWS\system32\tosbthcrpapi.dll |12/12/2002 17:16:30

C:\WINDOWS\system32\SynTPCoI.dll |08/04/2003 07:19:25

C:\WINDOWS\system32\xvidcore.dll |22/04/2005 14:23:46

C:\WINDOWS\system32\unrar.dll |22/04/2005 14:23:50

C:\WINDOWS\system32\cpuinf32.dll |22/04/2005 14:23:52

C:\WINDOWS\system32\CNMVS6s.DLL |25/12/2005 19:17:32

C:\WINDOWS\system32\ZPORT4AS.dll |19/09/2006 14:08:30

C:\WINDOWS\system32\gpvbd.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\dprsx.dll |01/06/2005 17:51:25

C:\WINDOWS\system32\AuthDVD.DLL |01/06/2005 17:51:25

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\WINDOWS\system32

 

30/08/2002 13:00 4 096 csrss.exe

1 fichier(s) 4 096 octets

0 Rép(s) 16 096 804 864 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

15/04/2003 09:00 <REP> .

15/04/2003 09:00 <REP> ..

15/04/2003 09:00 65 desktop.ini

20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd

14/10/1997 18:52 697 DirectAnimation Java Classes.osd

23/05/2005 13:41 495 LegitCheckControl.inf

30/12/2004 11:29 267 328 fpu.ocx

30/12/2004 11:29 3 071 fpu.inf

27/03/2006 13:00 5 019 swflash.inf

31/10/2001 10:37 118 uninst.bat

12/07/2000 02:02 36 864 fxfileop.dll

30/01/2003 16:52 348 160 bitdefender.ocx

21/03/2002 15:26 815 bitdefender.inf

02/09/2005 16:41 135 168 asinst.dll

02/09/2005 14:50 525 asinst.inf

13 fichier(s) 799 487 octets

 

Total des fichiers listés :

13 fichier(s) 799 487 octets

2 Rép(s) 16 096 804 864 octets libres

 

Liste des programmes installes

 

ACDSee for Pentax 2.0

ACE Mega CoDecS Pack

Ad-aware 6 Personal

Adobe Acrobat 5.0

Adobe Premiere Pro

Alcohol 120% (Trial Version)

Archiveur WinRAR

AVG Free Edition

Azureus

Bluetooth Easy Connect

Bluetooth Stack for Windows by Toshiba

BSPlayer

Canon MP Drivers 7.0

Canon MP Navigator 1.1

Canon ScanGear Starter

Canon Utilities Easy-PhotoPrint

CCleaner (remove only)

CloneDVD

Commandes TOSHIBA

Console TOSHIBA

Correctif Windows XP (SP2) Q810565

e-Carte Bleue Banque Populaire

Economie TOSHIBA

eMule

ewido anti-spyware 4.0

Formatage de carte mémoire SD TOSHIBA

Freeplayer

FTP Expert 3

Google Earth

Guitar Pro 4.0

HijackThis 1.99.1

Hollywood FX GOLD

Intel® PRO Ethernet Adapter and Software

InterVideo WinDVD 4

J2SE Runtime Environment 5.0 Update 6

Kazaa Lite K++ v2.4.2

Lecteur Windows Media 10

LimeWire PRO 4.12.3

Lyra Jukebox Applications

Macromedia Dreamweaver MX

Manuels TOSHIBA

Microsoft .NET Framework (French)

Microsoft .NET Framework (French) v1.0.3705

Microsoft AutoRoute 2002

Microsoft Office Excel Viewer 2003

Microsoft Office PowerPoint Viewer 2003

Microsoft Word 2002

Microsoft Works 7.0

Morpheus 5.2 (remove only)

Mozilla (1.7.3) (fr)

MP3 Turbo Injector 1.5

MSN Messenger 7.5

Nero OEM

NVIDIA Windows 2000/XP Display Drivers

OmniPage SE 2.0

OS Pack Works Suite

Package du correctif Windows XP [voir Q329048 pour plus de détails]

Package du correctif Windows XP [voir q329112 pour plus de détails]

Package du correctif Windows XP [voir Q329115 pour plus de détails]

Package du correctif Windows XP [voir Q329390 pour plus de détails]

PDF Manager 3.00

PerfectAed

QuickTime Alternative 1.70

Real Alternative 1.21

RealPlayer

Spybot - Search & Destroy 1.3

Steganos Internet Anonym 7.0.9

Sélecteur d'installation de Microsoft Works Suite 2003

Synaptics cPad

Synaptics Pointing Device Driver

TOSHIBA ConfigFree

Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage

TOSHIBA MEDIA PLAYER V1.7

TOSHIBA Mobile Extension3 pour Windows XP V3.27.00.XP

TOSHIBA Satellite Demo

Toshiba screensaver

TOSHIBA Software Modem

TOSHIBA Utilities

Ulead COOL 3D Studio

Ulead DVD Workshop

Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00

VideoCAM Eye

VideoLAN VLC media player 0.8.5

Viewpoint Media Player (Remove Only)

WaveL Pic2Pic

WebFldrs XP

WinAVI VideoConverter

Windows Media Format Runtime

Windows Media Player 9 Series TweakMP PowerToy

Wireless-G Notebook Adapter

Wireless Hotkey

WMP_do_MP3 version 5.0.1

YAMAHA AC-XG WDM

ZoneAlarm

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\Program Files

 

15/04/2003 08:53 <REP> .

15/04/2003 08:53 <REP> ..

15/04/2003 08:53 <REP> Fichiers communs

15/04/2003 08:57 <REP> Windows NT

15/04/2003 08:57 <REP> MSN

15/04/2003 08:58 <REP> MSN Gaming Zone

15/04/2003 08:58 <REP> Messenger

15/04/2003 08:58 <REP> Windows Media Player

15/04/2003 08:58 <REP> Services en ligne

15/04/2003 08:58 <REP> ComPlus Applications

15/04/2003 08:59 <REP> Internet Explorer

15/04/2003 08:59 <REP> Outlook Express

15/04/2003 08:59 <REP> NetMeeting

15/04/2003 08:59 <REP> Movie Maker

15/04/2003 09:03 <REP> microsoft frontpage

15/04/2003 09:03 <REP> xerox

15/04/2003 10:01 <REP> TOSHIBA

15/04/2003 10:40 <REP> Adobe

15/04/2003 10:41 <REP> Synaptics

15/04/2003 10:48 <REP> InterVideo

22/04/2005 11:58 <REP> Linksys

22/04/2005 12:10 <REP> Zone Labs

22/04/2005 12:15 <REP> Grisoft

22/04/2005 12:30 <REP> Netscape

22/04/2005 12:31 <REP> Viewpoint

22/04/2005 12:56 <REP> MSN Messenger

22/04/2005 12:59 <REP> Mozilla Firefox

22/04/2005 14:23 <REP> ACE Mega CoDecS Pack

22/04/2005 14:44 <REP> Webteh

22/04/2005 14:45 <REP> VideoLAN

22/04/2005 14:46 <REP> WinRAR

04/05/2005 21:49 <REP> Kazaa Lite K++

22/06/2005 20:45 <REP> Ahead

22/06/2006 13:33 <REP> e-Carte Bleue

22/04/2005 15:12 <REP> Nouveau dossier

22/04/2005 15:15 <REP> eMule

22/04/2005 15:20 <REP> Ad-aware

22/04/2005 15:20 <REP> RegCleaner

22/04/2005 15:21 <REP> Spybot - Search & Destroy

22/04/2005 15:22 <REP> Lavasoft

22/04/2005 15:23 <REP> RamBooster

22/04/2005 15:38 <REP> mozilla.org

26/04/2005 15:53 <REP> WaveL Pic2Pic

26/04/2005 16:03 <REP> ACD Systems

03/05/2005 21:48 <REP> PDF Manager

17/05/2005 13:10 <REP> Microsoft Office

23/05/2005 15:33 <REP> Microsoft Works Suite 2003

23/05/2005 15:33 <REP> Microsoft Works

01/06/2005 17:40 <REP> Unrelated Inventions

01/06/2005 18:12 <REP> PerfectAed

23/06/2005 17:48 <REP> directx

01/06/2005 18:04 <REP> Softal

01/06/2005 19:12 <REP> Ultimate Systems

24/06/2005 00:50 <REP> ICOO Loader

23/06/2005 01:48 <REP> Ulead Systems

23/06/2005 17:02 <REP> K-Lite Codec Pack

03/10/2005 21:43 <REP> Eagletron

23/06/2005 18:08 <REP> Free Download Manager

07/08/2005 13:25 <REP> EPSON

20/09/2005 01:18 <REP> Freeplayer

20/09/2005 21:04 <REP> Macromedia

20/04/2006 18:54 <REP> WinAVI VideoConverter

21/09/2005 00:32 <REP> Visicom Media

05/10/2005 17:40 <REP> Microsoft AutoRoute

06/10/2005 20:53 <REP> Xilisoft

08/10/2005 16:01 <REP> VideoCAM Eye

23/12/2005 20:00 <REP> Alcohol Soft

25/12/2005 18:03 <REP> Canon

25/12/2005 18:12 <REP> ScanSoft

10/01/2006 20:06 <REP> Pinnacle

13/02/2006 15:40 <REP> QuickTime

13/02/2006 16:03 <REP> Real

14/02/2006 05:56 <REP> Real Alternative

14/02/2006 05:56 <REP> Media Player Classic

25/03/2006 15:31 <REP> Elaborate Bytes

07/05/2006 20:22 <REP> Java

14/05/2006 19:00 <REP> Yahoo!

20/08/2006 20:21 <REP> Azureus

12/06/2006 12:37 <REP> Thomson

16/06/2006 18:35 <REP> CCleaner

18/05/2006 12:47 <REP> Passware

06/07/2006 19:54 <REP> Google

10/07/2006 18:08 <REP> Guitar Pro 4

18/07/2006 18:36 <REP> QuickTime Alternative

20/08/2006 20:56 <REP> Morpheus

21/08/2006 16:04 <REP> LimeWire

14/09/2006 13:42 <REP> Steganos Internet Anonym 7

14/09/2006 13:42 <REP> Secure Surfing Engine

18/09/2006 12:22 <REP> ewido anti-spyware 4.0

18/09/2006 01:13 <REP> HijackThis

0 fichier(s) 0 octets

90 Rép(s) 16 096 231 424 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 116C-0FDF

 

Répertoire de C:\Program Files\fichiers communs

 

15/04/2003 08:53 <REP> .

15/04/2003 08:53 <REP> ..

15/04/2003 08:53 <REP> Microsoft Shared

15/04/2003 08:53 <REP> SpeechEngines

15/04/2003 08:53 <REP> ODBC

15/04/2003 08:59 <REP> System

15/04/2003 08:59 <REP> MSSoap

15/04/2003 08:59 <REP> Services

15/04/2003 09:15 <REP> InstallShield

15/04/2003 10:40 <REP> Adobe

22/04/2005 12:30 <REP> mozilla.org

26/04/2005 16:03 <REP> ACD Systems

31/05/2005 03:10 <REP> Designer

22/06/2005 21:57 <REP> Ahead

23/06/2005 01:48 <REP> Ulead Systems

20/09/2005 21:05 <REP> Macromedia

20/09/2005 21:06 <REP> Vbox

08/10/2005 16:01 <REP> VCAMEye

25/12/2005 18:12 <REP> ScanSoft Shared

13/02/2006 16:03 <REP> Real

05/05/2006 19:08 <REP> xing shared

07/05/2006 20:21 <REP> Java

0 fichier(s) 0 octets

22 Rép(s) 16 096 739 328 octets libres

c:\Documents and Settings\BEN\Menu Démarrer\Programmes\WinRAR\wrar330fr.exe

c:\Documents and Settings\BEN\Mes documents\realalt121.exe

c:\Documents and Settings\BEN\Mes documents\WM9Powertoy_TweakMP.EXE

c:\Documents and Settings\BEN\Mes documents\XviD-1.0-RC4-05042004.exe

c:\Documents and Settings\BEN\Mes documents\AIR FRANCE\crac-nero\cr-nve20.exe

c:\Documents and Settings\BEN\Mes documents\BICS\eCarteBleue-Banque-Populaire-2-PC.EXE

c:\Documents and Settings\BEN\Mes documents\IMPOTS\jre-1_5_0_06-windows-i586-p-iftw.exe

c:\Documents and Settings\BEN\Mes documents\lg 7020\WSC-MA2-SMAF-u\wscma2\wscma2u.exe

c:\Documents and Settings\BEN\Mes documents\toschiba\backgrnd.exe

c:\Documents and Settings\BEN\Mes documents\toschiba\freedom.exe

c:\Documents and Settings\BEN\Mes documents\adrenalynmovies.fre.fr\real player alternative.exe

c:\Documents and Settings\BEN\Bureau\Freeplayer-Win32-20050905.exe

c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_152a65fa.exe

c:\Documents and Settings\BEN\Application Data\Microsoft\Installer\{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}\_76ce4ba2.exe

c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe

c:\Documents and Settings\BEN\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe

c:\Documents and Settings\BEN\My Documents\Morpheus Shared\Downloads\LimeWireWin4.12.3.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\BEN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

 

 

Pour l'analyse Panda le chargement des activX se stop à la moitier puis plus rien donc g pas pu faire d'analyse.

Je n'ai pas de fichier en gra dans \system32 mais g suprimé de fichier dmcpl.exe.

Internet ramme toujours, je fé koi maintenant? Merci

[Thanos]

salut

 

Pour l'analyse Panda le chargement des activX se stop à la moitier puis plus rien donc g pas pu faire d'analyse.

Je n'ai pas de fichier en gra dans \system32 mais g suprimé de fichier dmcpl.exe.

Internet ramme toujours, je fé koi maintenant? Merci

-Pour Panda, est ce que tu t'es bien assuré que les option d'Internet Explorer sont configurées correctement (les contrôles active x) comme dans le tutoriel de Malekal_Morte?: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

 

Sinon, si ca ne marche toujours pas, fais celui de Kaspersky =>

 

Fais un scan en ligne avec Kaspersky WebScanner

Sous Démonstration en ligne" , on t'explique la marche à suivre , et pour lancer le scan il faut sélectionner "Exécuter l'analyse en ligne" .Le scan ne marche que sous Internet Explorer.

On va te demander de télécharger un contôle active x, accepte .

Dans le menu "Choisissez la cible de l'analyse" , sélectionne "Poste de travail".

Le scan va commencer.Poste le rapport qui sera généré stp.

Poste le résultat pour voir si rien ne subsiste sur ton pc

 

-Tu me dit "je n'ai pas de fichier en gras dans system32" : en fait je le met,moi,en gras pour le mettre en évidence, mais tu ne verra rien en gras dans le dossier lui même. Ok pour le fichier effacé

 

-Internet rame?... dis moi est ce qu'un de ces logiciels est lancé en même temps que tu surfes? =>

Emule -Azureus -Kazaa Lite K++-Morpheus 5.2- LimeWire PRO 4.12.3

si c'est le cas, ne t'étonne pas: ca monopolise les 3/4 de la bande passante!!

Fais gaffe avec l'utilisation des logiciels P2P!! ce sont les principaux vecteurs d'infection! Pour t'en convaincre, lis ces deux topics très clairs:

le premier est de Malekal et concerne les cracks => http://forum.malekal.com/sutra4492.php&amp...ght=cracks#4492

le second de Tesgaz concerne le P2P en général => http://forum.zebulon.fr/index.php?showtopic=85544

 

Edgaccess n'étant plus présent sur le pc, tu ne dois plus avoir de pubs intempestives , est ce le cas?

Je te rassure quand même : les derniers rapports sont niquels

 

@+

[binouse]

KASPERSKY ON-LINE SCANNER REPORT

Wednesday, September 20, 2006 5:01:03 AM

Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

Kaspersky On-line Scanner version : 5.0.83.0

Dernière mise à jour de la base antivirus Kaspersky : 19/09/2006

Enregistrements dans la base antivirus Kaspersky : 211704

Paramètres d'analyse

Analyser avec la base antivirus suivante standard

Analyser les archives vrai

Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail

C:\

D:\

E:\

F:\

Statistiques de l'analyse

Total d'objets analysés 55668

Nombre de virus trouvés 13

Nombre d'objets infectés 183 / 0

Nombre d'objets suspects 48

Durée de l'analyse 03:06:27

 

Nom de l'objet infecté Nom du virus Dernière action

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Inbox/[From "support ebay" ][Date Sun, 19 Jun 05 21:55:31 GMT]/html Infecté : Trojan-Spy.HTML.Bayfraud.hd ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Inbox Mail Berkeley mbox: infecté - 1 ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Trash/[From "support ebay" ][Date Sun, 19 Jun 05 21:55:31 GMT]/html Infecté : Trojan-Spy.HTML.Bayfraud.hd ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Trash Mail Berkeley mbox: infecté - 1 ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From hostmaster@arrakis.es][Date Fri, 17 Dec 2004 00:31:53 UTC]/arrakis.9025.zip/message_text.txt .pif Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From hostmaster@arrakis.es][Date Fri, 17 Dec 2004 00:31:53 UTC]/arrakis.9025.zip Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Sun, 19 Dec 2004 03:08:46 +0100]/UNNAMED/[From hostmaster@bconnex.net][Date Tue, 21 Dec 2004 22:33:21 GMT]/bconnex1183.word.pif Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Sun, 19 Dec 2004 03:08:46 +0100]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 28 Dec 2004 03:30:50 +0100]/UNNAMED/[From "mel lefevre" ][Date Tue, 28 Dec 2004 18:27:27 +0000]/text/[From hostmaster@videotron.ca][Date Wed, 29 Dec 2004 18:51:17 UTC]/videotron_6905.pif Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 28 Dec 2004 03:30:50 +0100]/UNNAMED/[From "mel lefevre" ][Date Tue, 28 Dec 2004 18:27:27 +0000]/text Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 28 Dec 2004 03:30:50 +0100]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Yazafreefly@aol.com][Date Sun, 2 Jan 2005 16:24:41 EST]/UNNAMED/[From "news@rueducommerce.com" ][Date Mon, 03 Jan 2005 03:01:58 +0100]/UNNAMED/[From "mel lefevre" ][Date Tue, 04 Jan 2005 18:06:26 +0000]/re_mail_8633.TXT.bat Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Yazafreefly@aol.com][Date Sun, 2 Jan 2005 16:24:41 EST]/UNNAMED/[From "news@rueducommerce.com" ][Date Mon, 03 Jan 2005 03:01:58 +0100]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Yazafreefly@aol.com][Date Sun, 2 Jan 2005 16:24:41 EST]/UNNAMED Infecté : Email-Worm.Win32.Sober.i ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED/[From "Voyages-sncf.com" ][Date Thu, 6 Jan 2005 13:33:14 +0100 (CET)]/UNNAMED/[From "Jan " ][Date Thu, 06 Jan 2005 15:47:08 -0500]/UNNAMED/[From Smith Barney ][Date Sat, 08 Jan 2005 08:20:11 -0100]/html Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED/[From "Voyages-sncf.com" ][Date Thu, 6 Jan 2005 13:33:14 +0100 (CET)]/UNNAMED/[From "Jan " ][Date Thu, 06 Jan 2005 15:47:08 -0500]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED/[From "Voyages-sncf.com" ][Date Thu, 6 Jan 2005 13:33:14 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 06 Jan 2005 02:35:05 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED/[From "vincent lafuente" Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED/[From "vincent lafuente" ][Date Thu, 13 Jan 2005 00:14:16 +0100]/UNNAMED/[From ][Date Thu, 13 Jan 2005 21:51:29 +0100]/photo.zip Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED/[From "vincent lafuente" ][Date Thu, 13 Jan 2005 00:14:16 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED/[From "Crusan" ][Date Wed, 12 Jan 2005 11:33:45 -0500]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 12 Jan 2005 02:22:36 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Marcus " ][Date Fri, 14 Jan 2005 21:39:48 -0500]/UNNAMED/[From Washington Mutual, Inc. ][Date Tue, 18 Jan 2005 05:17:15 -0600]/html Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Marcus " ][Date Fri, 14 Jan 2005 21:39:48 -0500]/UNNAMED Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From ][Date Wed, 19 Jan 2005 21:29:09 +0100]/UNNAMED/desktop.zip/desktop.txt .scr Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From ][Date Wed, 19 Jan 2005 21:29:09 +0100]/UNNAMED/desktop.zip Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From ][Date Wed, 19 Jan 2005 21:29:09 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mabutu.a ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Regions Bank ][Date Wed, 02 Feb 2005 15:53:38 +0100]/html Infecté : Trojan-Spy.HTML.Bankfraud.dq ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14: ... /[From Smith Barney ][Date Fri, 04 Feb 2005 08:20:41 +020 ... /html Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14: ... /[From Smith Barney ][Date Fri, 04 Feb 2005 08:20:41 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED/[From ... /[From ... /[From "eBay" ][Date Thu, 3 Feb 2005 18:19:14 -0800]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED/[From ... /[From Avery Sellers ][Date Thu, 03 Feb 2005 22:45:15 -0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED/[From oruff@swoopin.com][Date Thu, 3 Feb 2005 18:21:39 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED/[From Virtual Florist ][Date 02 Feb 2005 14:16:40 -0600]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED/[From "news@rueducommerce.com" ][Date Wed, 02 Feb 2005 02:22:37 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "eric cayot" ][Date Tue, 1 Feb 2005 21:05:33 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Smitfraud.c ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Jan " ][Date Thu, 10 Feb 2005 05:07:08 -0600]/UNNAMED/[From "benjamin guibert" ][Date Thu, 10 Feb 2005 14:37:59 +0100]/html Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Jan " ][Date Thu, 10 Feb 2005 05:07:08 -0600]/UNNAMED Infecté : Trojan-Spy.HTML.Wamufraud.bo ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Actualis - La newsletter ][Date Thu, 3 mar 2005 13:22:59 +0100]/UNNAMED/[From Regions Bank ][Date Thu, 03 Mar 2005 13:58:04 -0600]/UNNAMED/html Infecté : Trojan-Spy.HTML.Bankfraud.ci ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Actualis - La newsletter ][Date Thu, 3 mar 2005 13:22:59 +0100]/UNNAMED/[From Regions Bank ][Date Thu, 03 Mar 2005 13:58:04 -0600]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ci ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From Actualis - La newsletter ][Date Thu, 3 mar 2005 13:22:59 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ci ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED/[From "news@rueducommerce.com" ] ... /data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Tue, 19 Apr 2005 04:19:14 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 21:19:51 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/text/[From webmaster@xlr-8.ch][Date Tue, 19 Apr ... /details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/text/[From webmaster@xlr-8.ch][Date Tue, 19 Apr 2005 13:17:44 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/text Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From "Lovefield1" ][Date Tue, 19 Apr 2005 19:03:10 +0800]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From sugargliderzfreefly@hotmail.com][Date Tue, 19 Apr 2005 14:26:07 +0200]/UNNAMED/UNNAMED/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From sugargliderzfreefly@hotmail.com][Date Tue, 19 Apr 2005 14:26:07 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From sugargliderzfreefly@hotmail.com][Date Tue, 19 Apr 2005 14:26:07 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From xlr-8er@xlr-8.ch][Date Tue, 19 Apr 2005 15:08:19 +0200]/UNNAMED/UNNAMED/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From xlr-8er@xlr-8.ch][Date Tue, 19 Apr 2005 15:08:19 +0200]/UNNAMED/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED/[From xlr-8er@xlr-8.ch][Date Tue, 19 Apr 2005 15:08:19 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text/[From guido@gwiss-freefly.de][Date Mon, 18 Apr 2005 21:19:22 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "claire_guillaume" ][Date Mon, 18 Apr 2005 21:12:47 +0200]/text Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/list.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/list.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/[From deborah.van.laer@pandora.be][Date Tue, 19 Apr 2005 17:20:27 +0200]/UNNAMED/product.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/[From deborah.van.laer@pandora.be][Date Tue, 19 Apr 2005 17:20:27 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From noreply@paypal.com][Date Tue, 19 Apr 2005 17:03:55 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From "Lea de voyages-sncf.com" ][Date Tue, 19 Apr 2005 17:29:17 +0200 (CEST)]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From "Lea de voyages-sncf.com" ][Date Tue, 19 Apr 2005 17:29:17 +0200 (CEST)]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From "Lea de voyages-sncf.com" ][Date Tue, 19 Apr 2005 17:29:17 +0200 (CEST)]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED/message_guibertbenjamin.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED/message_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From jankasnv@centrum.sk][Date Tue, 19 Apr 2005 20:38:55 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/readme.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/readme.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/[From guido@gwiss-freefly.de][Date Wed, 20 Apr 2005 15:00:27 +0200]/UNNAMED/data.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/[From guido@gwiss-freefly.de][Date Wed, 20 Apr 2005 15:00:27 +0200]/UNNAMED/data.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/[From guido@gwiss-freefly.de][Date Wed, 20 Apr 2005 15:00:27 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From a.felicetti@tin.it][Date Wed, 20 Apr 2005 13:38:24 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED/msg.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From 103609@ticino.com][Date Wed, 20 Apr 2005 15:21:38 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED/file_guibertbenjamin.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED/file_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From marcusheggli@gmx.net][Date Wed, 20 Apr 2005 18:11:05 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From coorpd@wanadoo.es][Date Tue, 19 Apr 2005 17:01:29 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From "Kelly Cowan" ][Date Wed, 20 Apr 2005 23:15:17 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED/document.txt.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox/[From "news@rueducommerce.com" ][Date Fri, 17 Dec 2004 02:28:43 +0100]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Inbox Mail Berkeley mbox: infecté - 94, suspect - 17 ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/data.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/data.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From joseph.pfleger@cidou.fr][Date Mon, 18 Apr 2005 16:19:01 +0200]/UNNAMED/software_guibertbenjamin.doc.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From joseph.pfleger@cidou.fr][Date Mon, 18 Apr 2005 16:19:01 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 16:22:12 +0200]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 16:22:12 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From miteeloe@yahoo.com][Date Mon, 18 Apr 2005 16:22:12 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From help@atlas-as.sk][Date Mon, 18 Apr 2005 17:30:29 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From help@atlas-as.sk][Date Mon, 18 Apr 2005 17:30:29 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From mts@lebanon-online.com.lb][Date Mon, 18 Apr 2005 19:17:26 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From mts@lebanon-online.com.lb][Date Mon, 18 Apr 2005 19:17:26 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From willsamantha4@yahoo.com][Date Mon, 18 Apr 2005 17:26:38 +0200]/UNNAMED/postcard.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From romeo@net4u.hr][Date Mon, 18 Apr 2005 15:17:32 +0200]/UNNAMED/[From willsamantha4@yahoo.com][Date Mon, 18 Apr 2005 17:26:38 +0200]/

[binouse]

voila la fini que le poste n'arrive pas à prendre en 1 seul foi,

non il y a pas d'autre logiciel qui tourne du genre P2P et internet rame.

 

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From fabrice.gutierrez@emapfrance.com][Date Wed, 20 Apr 2005 19:18:07 +0200]/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip/details.txt .pif Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED/text.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED/[From yarmani@intercom.it][Date Wed, 20 Apr 2005 19:22:08 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From news@freefly.com][Date Wed, 20 Apr 2005 18:15:20 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From "eBay" ][Date Wed, 20 Apr 2005 13:51:58 -0700]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED/document.txt.zlo Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From "eBay" ][Date Wed, 20 Apr 2005 13:51:58 -0700]/UNNAMED/[From oliver.ploner@blum.com][Date Thu, 21 Apr 2005 12:53:42 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From "eBay" ][Date Wed, 20 Apr 2005 13:51:58 -0700]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/message.zlq Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 21 Apr 2005 03:05:23 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 21 Apr 2005 03:05:23 +0200]/UNNAMED/[From luana@ticino.com][Date Thu, 21 Apr 2005 06:39:36 +0200]/message_guibertbenjamin.zip Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED/[From "news@rueducommerce.com" ][Date Thu, 21 Apr 2005 03:05:23 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED/[From skydive@midcoast.com.au][Date Thu, 21 Apr 2005 06:42:40 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash/[From skydive@gmx.li][Date Mon, 18 Apr 2005 15:13:58 +0200]/UNNAMED Infecté : Email-Worm.Win32.NetSky.q ignoré

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash Mail Berkeley mbox: infecté - 78, suspect - 27 ignoré

C:\Documents and Settings\BEN\Application Data\AVG7\Log\emc.log L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\ntuser.dat L'objet est verrouillé ignoré

C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip/Patch_Dreamweaver MX6vf.exe Suspect : Password-protected-EXE ignoré

C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip ZIP: suspect - 1 ignoré

C:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP3\change.log L'objet est verrouillé ignoré

D:\Programme\MSNPass_demo.exe/WISE0018.BIN Infecté : Trojan-PSW.Win32.Delf.kn ignoré

D:\Programme\MSNPass_demo.exe WiseSFX: infecté - 1 ignoré

D:\Programme\setup.exe/Stream/data0004 Infecté : Trojan-Spy.Win32.Qeds.b ignoré

D:\Programme\setup.exe/Stream Infecté : Trojan-Spy.Win32.Qeds.b ignoré

D:\Programme\setup.exe Inno: infecté - 2 ignoré

D:\Programme\site web\Patch_Dreamweaver MX6vf.zip/Patch_Dreamweaver MX6vf.exe Suspect : Password-protected-EXE ignoré

D:\Programme\site web\Patch_Dreamweaver MX6vf.zip ZIP: suspect - 1 ignoré

Analyse terminée.

[Thanos]

salut

 

On a bien fait de faire le scan Kaspersky qui a mis en évidence un certain nombre de fichiers infectés dans ta boite mail!

 

Elimine le contenu de ces dossiers =>

 

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\4kycs6k9.slt\Mail\pop.free-2.fr\Trash

 

C:\Documents and Settings\BEN\Application Data\Mozilla\Profiles\default\0rqy826e.slt\Mail\pop.free-3.fr\Inbox

 

Elimine les fichiers suivants=>

 

D:\Programme\MSNPass_demo.exe

D:\Programme\setup.exe

D:\Programme\site web\Patch_Dreamweaver MX6vf.zip

 

* Vide la corbeille.

 

Fais attention a bien configurer AVG!! il faut qu'AVG scanne les mails entrant et sortant!

 

Refais le scan chez Kaspersky après ca et poste le résultat;)

Modifié le 20 septembre 2006 par charles ingals

[binouse]

KASPERSKY ON-LINE SCANNER REPORT

Thursday, September 21, 2006 5:03:24 AM

Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

Kaspersky On-line Scanner version : 5.0.83.0

Dernière mise à jour de la base antivirus Kaspersky : 20/09/2006

Enregistrements dans la base antivirus Kaspersky : 212040

Paramètres d'analyse

Analyser avec la base antivirus suivante standard

Analyser les archives vrai

Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail

C:\

D:\

E:\

F:\

Statistiques de l'analyse

Total d'objets analysés 56092

Nombre de virus trouvés 3

Nombre d'objets infectés 5 / 0

Nombre d'objets suspects 2

Durée de l'analyse 02:58:25

 

Nom de l'objet infecté Nom du virus Dernière action

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\Temp\ZLT06fd0.TMP L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\BENJAMIN.ldb L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Historique\History.IE5\MSHist012006092020060921\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\Application Data\AVG7\Log\emc.log L'objet est verrouillé ignoré

C:\Documents and Settings\BEN\ntuser.dat L'objet est verrouillé ignoré

C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip/Patch_Dreamweaver MX6vf.exe Suspect : Password-protected-EXE ignoré

C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip ZIP: suspect - 1 ignoré

C:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\change.log L'objet est verrouillé ignoré

D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000678.exe/Stream/data0004 Infecté : Trojan-Spy.Win32.Qeds.b ignoré

D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000678.exe/Stream Infecté : Trojan-Spy.Win32.Qeds.b ignoré

D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000678.exe Inno: infecté - 2 ignoré

D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000679.exe/WISE0018.BIN Infecté : Trojan-PSW.Win32.Delf.kn ignoré

D:\System Volume Information\_restore{07F4D003-9C4B-4F48-A2FF-FB816B160FB7}\RP4\A0000679.exe WiseSFX: infecté - 1 ignoré

Analyse terminée.

 

 

 

 

A la fermeture d'IE un panneau d'erreur d'application s'affiche et me dit:

"l'instruction à "0x0150a9fe" emploie l'adresse mémoire "0x018438b8". La mémoire ne peut pas etre "read".

 

merci

[Thanos]

salut

 

La restauration système est infectée:

 

pour ne pas restaurer un système vérolé en cas de problème, il faut la désactiver comme ceci=>

 

Supprime la restauration système=> aide visuelle

Clique sur Démarrer.

Clique avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés.

Clique sur l'onglet «Restauration du système».

Sélectionne «Désactiver la Restauration du système» ou «Désactiver la Restauration du système sur tous les lecteurs»

Clique sur "Appliquer".

Comme le dit le message, ceci supprimera tous les points de restauration existants. Pour faire cela, clique sur Oui.

Clique sur OK.Redémarre ton PC.Fais l'opération inverse, et réactive la restauration:un nouveau point sera automatiquement créé.

 

Elimine le fichier suivant:

 

C:\Program Files\Macromedia\Dreamweaver MX\Patch_Dreamweaver MX6vf.zip

 

Y a t'il encore des ralentissements quand tu vas sur internet? avec Firefox aussi?meêm message d'erreur avec Internet Explorer?

 

Juste pour vérification , un petit scan rapide =>

 

Télécharge Blacklight (de F-Secure); clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

 

Double-clique blbeta.exe et accepte la licence; clique Scan puis Next

 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

 

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

 

@+