
Hi Bruce!

How's it going? I'm back, but on my father's PC (happy holiday!). I ran a quick scan on it with AntiVir in safe mode and made a quick log with HijackThis! Just to find out whether there's anything wrong on it. Below I'm giving you the 2 reports:

AntiVir PersonalEdition Classic

Report file date: samedi 17 juin 2006 17:44

 

Scanning for 409240 virus strains and unwanted programs.

 

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 1) [5.1.2600]

Username: Propriétaire

Computer name: NOM-FHA60KKNN64

 

Version informations:

AVSCAN.EXE : 7.0.0.42 376872 17/06/2006 14:49:59

AVSCAN.DLL : 7.0.0.42 53288 17/06/2006 14:49:59

LUKE.DLL : 7.0.0.42 110632 17/06/2006 14:50:01

LUKERES.DLL : 7.0.0.42 25640 17/06/2006 14:50:01

ANTIVIR0.VDF : 6.35.0.1 7371264 17/06/2006 14:49:56

ANTIVIR1.VDF : 6.35.0.5 2048 17/06/2006 14:49:57

ANTIVIR2.VDF : 6.35.0.33 173568 17/06/2006 14:49:57

ANTIVIR3.VDF : 6.35.0.42 16384 17/06/2006 14:49:57

AVEWIN32.DLL : 7.1.0.13 1536512 17/06/2006 14:49:57

AVPREF.DLL : 7.0.0.1 33832 17/06/2006 14:49:58

AVREP.DLL : 6.35.0.2 454696 17/06/2006 14:49:59

AVRPBASE.DLL : 7.0.0.0 1544232 17/06/2006 14:49:59

AVPACK32.DLL : 7.1.0.1 331816 17/06/2006 14:49:58

AVREG.DLL : 6.31.0.90 25128 17/06/2006 14:49:58

NETNT.DLL : 6.32.0.0 6696 17/06/2006 14:50:02

NETNW.DLL : 6.32.0.0 9768 17/06/2006 14:50:02

RCIMAGE.DLL : 7.0.0.71 1642536 17/06/2006 14:50:05

RCTEXT.DLL : 7.0.0.75 77864 17/06/2006 14:50:05

 

Configuration settings for the scan:

Jobname: '%s'.................: Manual Selection

Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Boot sectors..................: A,C,D,E,F

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,

Macro heuristic...............: 1

File heuristic................: 3

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: samedi 17 juin 2006 17:44

 

 

The scan over running processes will be started

12 Processes was scanned

 

Start scanning boot sectors:

 

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 36 files ).

 

 

Starting the file scan:

 

The path A:\ could not be found!

Le périphérique n'est pas prêt.

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

[WARNING] The file could not be opened!

C:\Documents and Settings\Default User\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]40.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]44.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]48.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]96.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]102.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]110.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]134.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]142.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]162.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]164.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]168.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]176.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]184.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]372.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]402.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]406.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\Documents and Settings\Default User\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust Bank <custservice_id_980620@southtru][subject: SouthTrust Bank security maintenance]26.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: andre.duval10@wanadoo.fr][subject: Re: document]28.mim

[DETECTION] Contains signature of the worm WORM/Netsky.X

[1] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.X

--> Mailbox_[From: SouthTrust Bank <custservice_578127576@southtru][subject: SouthTrust Bank - Urgent Security Notice [sat, ]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]86.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]90.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]98.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]114.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]156.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]158.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]170.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]190.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]200.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]216.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]220.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]222.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]234.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]260.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]450.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]480.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]490.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\Documents and Settings\Propriétaire\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]40.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]44.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]48.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]96.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]102.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]110.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]134.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]142.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]162.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]164.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]168.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]176.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]184.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]372.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]402.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]406.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: extincteur@hotmail.com][subject: Mail Delivery (failure w.widendaele@tiscali.fr)]416.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> message.scr

[DETECTION] Contains signature of the worm WORM/NetSky.P

--> Mailbox_[From: tmadisclaire@wanadoo.fr][subject: Mail Delivery (failure w.widendaele@tiscali.fr)]418.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> message.scr

[DETECTION] Contains signature of the worm WORM/NetSky.P

--> Mailbox_[From: support@symantec.com][subject: Re: Virus Sample]420.mim

[1] Archive type: MIME

--> signature.zip

[DETECTION] Contains signature of the worm WORM/NetSky.P

[2] Archive type: ZIP

--> details.txt .pif

[DETECTION] Contains signature of the worm WORM/NetSky.P

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]596.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: robert.dedieu@free.fr][subject: Re: Your bill]686.mim

[1] Archive type: MIME

--> your_bill.pif

[DETECTION] Contains signature of the worm WORM/Netsky.K

--> Mailbox_[From: info@adc-soft.com][subject: smtp mail failed]764.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: hostmaster@cegetel.net][subject: Mail delivery failed]772.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]782.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@presence-pc.com][subject: Mail delivery failed]786.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: postman@semimarathon-lille.com][subject: Your_Password]800.mim

[1] Archive type: MIME

--> reg_pass.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: modeste04a@infonie.fr][subject: hi,_ive_a_new_mail_address]820.mim

[1] Archive type: MIME

--> mailtext.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: info@fr.ibm.com][subject: Paris Hilton & Nicole Richie]830.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: office@wanadoo.fr][subject: Paris Hilton & Nicole Richie]858.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: Mail@fbi.gov][subject: You visit illegal websites]862.mim

[1] Archive type: MIME

--> question_list.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]864.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]880.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@freesbee.fr][subject: Mail delivery failed]890.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]892.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]910.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Alsg.jpcabret" <alsg.jpcabret@wanadoo.fr>][subject: Registration is accepted]1254.mim

[1] Archive type: MIME

--> zupd02.zip

[2] Archive type: ZIP

--> tjzxtsl.exe

[DETECTION] Contains signature of the worm WORM/Bagle.FH

--> Mailbox_[From: "VISA Service" <VisaService@visa.com>][subject: Attention! Several VISA Credit Card bases have ]1360.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]1628.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: CitiBusiness Security Staff <securitystaff@citi][subject: CitiBusiness department banking software change]1666.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

--> cblogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.A

--> citilogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.B

--> Mailbox_[From: MidAmerica Bank <pw-conf@midamerica.com>][subject: Update account information]2670.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

--> Mailbox_[From: MidAmerica Bank <aw-conf@midamerica.com>][subject: Security Measures]2674.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[WARNING] The file was ignored!

C:\Documents and Settings\Propriétaire\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]194.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: robert.dedieu@free.fr][subject: Re: Your bill]276.mim

[1] Archive type: MIME

--> your_bill.pif

[DETECTION] Contains signature of the worm WORM/Netsky.K

--> Mailbox_[From: info@adc-soft.com][subject: smtp mail failed]352.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: hostmaster@cegetel.net][subject: Mail delivery failed]356.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]382.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@presence-pc.com][subject: Mail delivery failed]390.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: postman@semimarathon-lille.com][subject: Your_Password]402.mim

[1] Archive type: MIME

--> reg_pass.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: modeste04a@infonie.fr][subject: hi,_ive_a_new_mail_address]416.mim

[1] Archive type: MIME

--> mailtext.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: info@fr.ibm.com][subject: Paris Hilton & Nicole Richie]422.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: office@wanadoo.fr][subject: Paris Hilton & Nicole Richie]452.mim

[1] Archive type: MIME

--> downloadm.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: Mail@fbi.gov][subject: You visit illegal websites]456.mim

[1] Archive type: MIME

--> question_list.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]458.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]478.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: info@freesbee.fr][subject: Mail delivery failed]484.mim

[1] Archive type: MIME

--> mail_body.zip

[DETECTION] Contains signature of the worm WORM/Sober.Y

[2] Archive type: ZIP

--> File-packed_dataInfo.exe

[DETECTION] Contains signature of the worm WORM/Sober.Y

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]486.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]504.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: "Alsg.jpcabret" <alsg.jpcabret@wanadoo.fr>][subject: Registration is accepted]874.mim

[1] Archive type: MIME

--> zupd02.zip

[2] Archive type: ZIP

--> tjzxtsl.exe

[DETECTION] Contains signature of the worm WORM/Bagle.FH

--> Mailbox_[From: "VISA Service" <VisaService@visa.com>][subject: Attention! Several VISA Credit Card bases have ]978.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/VisaFraud.B

--> Mailbox_[From: "Andrew Smith" <andrew1996@yahoo.com> ][subject: 123 ]1248.mim

[1] Archive type: MIME

--> PlayGirls2.exe

[DETECTION] Contains signature of the worm WORM/Maslan.A.2

--> Mailbox_[From: CitiBusiness Security Staff <securitystaff@citi][subject: CitiBusiness department banking software change]1296.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

[1] Archive type: MIME

--> file0.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfrau.Z1

--> cblogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.A

--> citilogo.gif

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/CitiBkfr.Z1.B

--> Mailbox_[From: MidAmerica Bank <pw-conf@midamerica.com>][subject: Update account information]2274.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

--> Mailbox_[From: MidAmerica Bank <aw-conf@midamerica.com>][subject: Security Measures]2306.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[1] Archive type: MIME

--> file1.html

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/Midamerica.A

[WARNING] The file was ignored!

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\zipo0.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.3

[INFO] The file was deleted!

C:\WINDOWS\zipo1.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.4

[INFO] The file was deleted!

C:\WINDOWS\zipo2.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.5

[INFO] The file was deleted!

C:\WINDOWS\zipo3.txt

[DETECTION] Contains signature of the worm WORM/NetSky.Q.5

[INFO] The file was deleted!

C:\WINDOWS\system32\EGDACCESS.dll

[DETECTION] Contains signature of the dial-up program DIAL/301999

[INFO] The file was deleted!

C:\WINDOWS\system32\EGDACCESS_1055.dll

[DETECTION] Contains signature of the dial-up program DIAL/61440.A

[INFO] The file was deleted!

C:\WINDOWS\system32\EGDACCESS_1057.dll

[DETECTION] Contains signature of the dial-up program DIAL/301999

[INFO] The file was deleted!

C:\WINDOWS\system32\osconfig.dll

[DETECTION] Contains signature of the SPR/MarketScode.C program

[INFO] The file was deleted!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Inbox

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]40.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]44.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]48.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]96.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]102.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]110.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]134.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]142.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]162.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]164.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]168.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]176.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]184.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]372.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]402.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]406.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\WINDOWS\system32\config\systemprofile\Application Data\Thunderbird\Profiles\t0sn79qj.default\Mail\Local Folders\Trash

[0] Archive type: Netscape/Mozilla Mailbox

--> Mailbox_[From: SouthTrust Bank <custservice_id_980620@southtru][subject: SouthTrust Bank security maintenance]26.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: andre.duval10@wanadoo.fr][subject: Re: document]28.mim

[DETECTION] Contains signature of the worm WORM/Netsky.X

[1] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.X

--> Mailbox_[From: SouthTrust Bank <custservice_578127576@southtru][subject: SouthTrust Bank - Urgent Security Notice [sat, ]30.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]86.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> document.pif

[DETECTION] Contains signature of the worm WORM/NetSky.Q.13

--> Mailbox_[From: SouthTrust <custservice_id_9166766141648@southt][subject: Important information from SouthTrust Bank bill]90.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: SouthTrust Bank <custservice_id_48100590534202@][subject: SOUTHTRUST BANK: PLEASE CONFIRM YOUR INTERNET B]98.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: berrard.j.jacques@wanodoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]114.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: athletisme.stade-villeneuvois@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]156.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: guy.chuiton@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]158.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: shaista@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]170.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SOUTHTRUST <supprefnum607312390020@southtrust.c][subject: URGENT SECURITY NOTIFICATION]190.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: saintagnant.athle@9online.fr][subject: [avast! - INFECTED] Mail Delivery (failure wi]200.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ldeseynes@aol.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]216.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: MAILER-DAEMON@wanadoo.fr (Mail Delivery System)][subject: Undelivered Mail Returned to Sender]220.mim

[1] Archive type: MIME

--> file2.mim

[2] Archive type: MIME

--> file0.mim

[3] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: je.suis.un.canard@caramail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]222.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: vivipiv@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]234.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: SouthTrust <custservice_id_0559853510@southtrus][subject: SOUTHTRUST BANK - SECURITY UPDATE]260.mim

[DETECTION] Enthält Signatur der Phish-Datei/Email PHISH/SunBkfraud.G

--> Mailbox_[From: waly108@hotmail.com][subject: [avast! - INFECTED] Mail Delivery (failure w.]450.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: ligue.athle.guyane@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]480.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

--> Mailbox_[From: michelmag2@wanadoo.fr][subject: [avast! - INFECTED] Mail Delivery (failure w.]490.mim

[1] Archive type: MIME

--> file0.mim

[2] Archive type: MIME

--> file1.html

[DETECTION] Contains signature of the worm WORM/NetSky.P.Expl

[WARNING] The file was ignored!

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

[DETECTION] Contains suspicious code HEUR/Trojan.Keylogger

[INFO] The file was deleted!

The path E:\ could not be found!

Le périphérique n'est pas prêt.

 

The path F:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: samedi 17 juin 2006 21:08

Used time: 3:23:33 min

 

The scan has been done completely.

 

8168 Scanning directories

372779 Files were scanned

182 viruses and/or unwanted programs was found

9 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

24015 Archives were scanned

22 Warnings

0 Notes

 

During the scan, it came across a lot of emails (THAT'S ALL THERE IS, ACTUALLY! LOL!!) that it was unable to repair or delete. How should I deal with them?

 

Logfile of HijackThis v1.99.1

Scan saved at 23:14:59, on 17/06/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Advanced Messenger Plus\AdvMsg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe

O4 - Global Startup: Advanced Messenger Plus.lnk = C:\Program Files\Advanced Messenger Plus\AdvMsg.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

 

There, that's done. Good luck, and thanks in advance!
