Network infected by the Bloodhound.Exploit.6 virus
KaNyBaL
Here is the HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 23:47:29, on 22/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ESM2\SAGENT2.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WANADOO\UTILISATEUR1\MA MUSIQUE\MIRC.EXE
C:\PROGRAM FILES\WANADOO\UTILISATEUR1\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 148.244.150.58:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [PATCH] C:\WINDOWS\PATCH.EXE /nomsg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\ESM2\SAgent2.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [napwdll32] C:\WINDOWS\System32\napwdll32.exe
O4 - HKCU\..\Run: [NeroChecks] C:\WINDOWS\System32\rdlt32.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: EPSON Contrôleur en arrière plan.lnk = C:\ESM2\STMS.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .MPG: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} (Ulysse Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Penelope.cab
O16 - DPF: {869518C3-FBA5-4D75-8A14-7047437E9498} (Jacques Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Bernadette.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02e3ac4b221b2f934416/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = WANADOO
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 193.252.19.3,193.252.19.4
2 replies
Having learned that the RAV AntiVirus log is needed to get rid of this worm, I'm posting it for you as well:
Scan started at 23/08/05 06:03:47
Scanning memory...
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.623: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0002:web... - Win32/Netsky.P@mm -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.463: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0001:)->... - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.463: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0002:mes... - Win32/Netsky.P@mm -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.261: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0002:Not... - Win32/Netsky.Z@mm.dam#2 -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.196: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0001:)->... - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.196: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0002:mes... - Win32/Netsky.P@mm -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.194: (icdbl@optonline.net [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.193: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0001:)->... - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.193: (MAILER-DAEMON@wanadoo.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0002:mes... - Win32/Netsky.P@mm -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.185: (perle_de_corail5@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.179: (emilie.gurhem@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.172: (belizah@aol.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.171: (emilie.roinel@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.166: (fandejules@caramail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.163: (webmaster@apprendrelaguitare.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.162: (kermith72@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.156: (blabla@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.155: (sherlock.janet@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.154: (besoin_de_tendresse@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.144: (yahoo-register@yahoo-inc.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.142: (pierre.vatel@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.136: (suptech@itw.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.133: (online.fr-eloise.coquard@free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.124: (marinewicket@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.118: (r.marion@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.116: (3dlaura.roine@laposte.net [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.110: (i4h30890@europe.nexen.net [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.107: (thierry.maulave@free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.106: (1079182871.4053061710a83@imp4-q.free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.105: (h_muchita@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.99: (cappouchinno@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.98: (MAILER-DAEMON@aceboard.net [failure notice])->(part0000:)->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.96: (MAILER-DAEMON@lumiva.privatedns.com [failure notice])->(part0000:)->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.94: (tiaf@marxists.org [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.93: (1082218059.84.84247.m21@yahoogroupes.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.92: (MAILER-DAEMON@free.fr [failure notice])->(part0000:)->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.91: (dechiffrer_bilan_entreprise@netpme.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.89: (fwilson@championzone.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.85: (jef@acme.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.84: (liguecheval@yahoogroupes.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.81: (52@smtp.free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.77: (jlacourcelle@free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.75: (ecegler@netscape.net [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.73: (reitsportzentrum@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.72: (humourdunet@yahoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.69: (petite-fromage@hotmail.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.68: (1075449141.401a0d35193b7@imp2-q.free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.64: (bodyblouse@yahoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.62: (icolas@cellon.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.56: (magalie.alvarez@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.45: (20040212125523.3818.qmail@ns7.prizee.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.36: (revedeponey@free.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.35: (21747343@hamstersenfolie.net [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.34: (MAILER-DAEMON@voila.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0001:)->(IF... - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.34: (MAILER-DAEMON@voila.fr (Mail Delivery System) [Undelivered Mail Returned to Sender])->(part0003:)->(part0002:messag... - Win32/Netsky.P@mm -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.33: (stephane.roussel@mpsa.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.31: (d.brochard@9online.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.5: (dark.lotus.of.chaos@wanadoo.fr [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{881F26A0-1084-11D8-A5C4-FF9209530B37}\Microsoft\Outlook Express\Éléments supprimés.dbx->Message.3: (info@amtechdisc.com [Mail Delivery (failure ent.b@wanadoo.fr)])->(part0001:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\Program Files\WinRAR\Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
c:\NService\control.ini - Backdoor:IRC/Fylex.A* -> Infected
Scanned
============================
Objects: 25335
Directories: 1917
Archives: 816
Size(Kb): -1118833
Infected files: 60
Found
============================
Viruses found: 4
Suspicious files: 1
Disinfected files: 0
Mail files: 784
Hi,
Print out the procedure below; if you can't manage a step, carry on with the next one (especially step 1, I no longer remember exactly how it goes under Win98)...
A/ If you don't already have them, download:
Ad-Aware SE 1.06
http://www.lavasoftusa.com/software/adaware/
Spybot S&D 1.4
http://www.safer-networking.org/fr/index.html
- illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
then Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm
Don't use them right away.
Likewise, if you don't have it, get A2 free from http://www.emsisoft.net/fr/software/download/
Update Spybot, Ad-Aware and A2 free online (you'll find the option in the menus), but don't run the scans.
1) Start
Control Panel
Tools
Folder Options
View,
tick: show hidden folders
untick: hide extensions for known file types
hide protected operating system files.
2) Restart in safe mode.
Either you tap the F8 key while Windows is starting and choose safe mode (don't worry about how the screen looks)
3) Run HijackThis, close Notepad and tick the boxes in front of the following lines, then confirm with the "Fix checked" button:
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [PATCH] C:\WINDOWS\PATCH.EXE /nomsg
O4 - HKCU\..\Run: [napwdll32] C:\WINDOWS\System32\napwdll32.exe
O4 - HKCU\..\Run: [NeroChecks] C:\WINDOWS\System32\rdlt32.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} (Ulysse Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Penelope.cab
O16 - DPF: {869518C3-FBA5-4D75-8A14-7047437E9498} (Jacques Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Bernadette.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) -
http://chat7.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02e3ac4b221b2f934416/netzip/RdxIE601_fr.cab
5) Delete the files:
C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL
C:\Program Files\oneclick <<-- the folder
C:\WINDOWS\PATCH.EXE /nomsg
C:\WINDOWS\System32\napwdll32.exe
C:\WINDOWS\System32\rdlt32.exe
Run cleanup40.exe.
Run your Ad-Aware scan again,
then Spybot,
then A2 free,
and remove everything they find (it takes a while, but you should manage).
Empty your recycle bin and restart in normal mode; that is, before restarting, redo the initial procedure (1) but re-ticking ... to get back to the original settings.
Restart.
Make a new log, and how are your problems?
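The last step above asks for a fresh HijackThis log. As an added example (not part of the original post, and not code from HijackThis), this Python sketch checks which fixed entries are still present in a new log, matching O2/O16 entries by CLSID and O4 entries by Run key and value name so that a changed path or letter case does not hide a survivor. The function names are hypothetical, `FIX_LIST` is a subset of the lines quoted in the post, and `NEW_LOG` is constructed sample input.

```python
import re
from typing import NamedTuple, Optional

# A HijackThis entry has the form "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<loc>[^:\[]+):\s*\[(?P<name>[^\]]+)\]")


class Entry(NamedTuple):
    code: str   # section code such as O2, O4, O16
    key: str    # stable identity used for comparison
    raw: str    # the line as it appears in the log


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    code, body = m["code"], m["body"]
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body)
    if code in ("O2", "O16") and clsid:
        # BHOs and downloaded ActiveX objects are identified by their CLSID.
        key = clsid.group(0).upper()
    elif code == "O4" and run:
        # Autoruns are identified by registry location plus value name.
        key = (run["loc"].strip() + "|" + run["name"]).lower()
    else:
        # Fallback: whitespace-normalised, case-insensitive body.
        key = " ".join(body.split()).lower()
    return Entry(code, key, line)


def parse_log(text: str) -> dict:
    """Map (code, key) to Entry for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries[(entry.code, entry.key)] = entry
    return entries


def check_fix(fix_list: str, new_log: str):
    """Return (persisting, cleared): fixed entries still in the new log, and those gone."""
    wanted, current = parse_log(fix_list), parse_log(new_log)
    persisting = [current[k].raw for k in wanted if k in current]
    cleared = [e.raw for k, e in wanted.items() if k not in current]
    return persisting, cleared


# Subset of the entries the post says to fix.
FIX_LIST = r"""
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL
O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [PATCH] C:\WINDOWS\PATCH.EXE /nomsg
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
"""

# Constructed "after cleanup" log: two fixed entries have come back in different case.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PATCH] c:\windows\patch.exe /nomsg
O16 - DPF: {92abacfe-ef6e-42c7-a824-d50a914b5b70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
"""

if __name__ == "__main__":
    still_there, gone = check_fix(FIX_LIST, NEW_LOG)
    for line in still_there:
        print("STILL PRESENT:", line)
    for line in gone:
        print("cleared:      ", line)
```

An entry that reappears after "Fix checked" usually means something still running is rewriting it, which is why the post has the fix done in safe mode and the files deleted afterwards.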