[virus] infected by a pile of junk

Closed
cat - 15 April 2007 at 18:32
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last active 27 December 2019 - 18 April 2007 at 11:09
hello everyone
my computer is doing all sorts of strange things
windows open at random, and I have a bunch of suspicious-looking processes running
in short, it's panic
so I thank the charitable soul who will be kind enough to look at my HijackThis log


thanks a thousand times

cat


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:28:18, on 15/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\wininet.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Avant Browser\avant.exe
C:\DriverLoad\windrv0.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DriverLoad\windrv0.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\lolocat\Mes documents\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {F5938714-BD46-408A-9842-4058206D37E3} - C:\WINDOWS\Temp\~00754.tmp
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNS PLUS XP2] inetinfos.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{13F3EA0B-0817-4E7B-830A-E2EEB0B5BADE}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{17C0E562-7A8D-425D-8792-EC221410112D}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E2BBD65-E3CA-4AEB-AA3D-1A455B968F2C}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CCABE2-064E-4778-B7F6-4812BE7532A1}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5970EAE-859F-4296-8AAC-664216176BB6}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4BD2A70-4E5E-4797-80A1-70D959A18AF3}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\lolocat\LOCALS~1\Temp\dnlsvc.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

6 replies

green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last active 27 December 2019 2 162
15 April 2007 at 18:37
Hi

see here: 2nd case!

Google web page redirected

See you
0
hi, thanks for the info
I ran fixwareout as advised and it looks like the O17 lines pointing to Ukraine no longer exist
the HijackThis log is attached
however, I still have some shady things in my processes and unwanted pop-up windows offering me some obscure program to open or save.....
thanks in any case green day, it's cool of you to help us
bye

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:44:51, on 16/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\mstsdsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wininet.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\lolocat\Mes documents\HiJackThis_v2.exe
C:\DriverLoad\windrv0.exe
C:\DriverLoad\windrv0.exe
C:\DriverLoad\windrv0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {F5938714-BD46-408A-9842-4058206D37E3} - C:\WINDOWS\Temp\~00754.tmp
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSNS PLUS XP2] inetinfos.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{13F3EA0B-0817-4E7B-830A-E2EEB0B5BADE}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{17C0E562-7A8D-425D-8792-EC221410112D}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E2BBD65-E3CA-4AEB-AA3D-1A455B968F2C}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CCABE2-064E-4778-B7F6-4812BE7532A1}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5970EAE-859F-4296-8AAC-664216176BB6}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4BD2A70-4E5E-4797-80A1-70D959A18AF3}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\lolocat\LOCALS~1\Temp\dnlsvc.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last active 27 December 2019 2 162
16 April 2007 at 12:48
Hi

please do the steps from this link:

virus: preliminary disinfection method, French version

See you
0
ok
here are the reports, but I still have some shady stuff
it looks like they are not quite dead yet

BitDefender

Time: 01:05:01
Files: 348209
Folders: 4170
Boot Sectors: 5
Archives: 31236
Packed Files: 17093

Results
Identified Viruses: 7
Infected Files: 31
Suspect Files: 35
Warnings: 0
Disinfected: 0
Deleted Files: 64

Engines Info
Virus Definitions: 486403
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\lolocat\Mes documents\Mes fichiers reçus\photo album.zip=>photo album2007.pif
Infected with: Worm.Sedoubot.A

C:\Documents and Settings\lolocat\Mes documents\Mes fichiers reçus\photo album.zip=>photo album2007.pif
Disinfection failed

C:\Documents and Settings\lolocat\Mes documents\Mes fichiers reçus\photo album.zip=>photo album2007.pif
Deleted

C:\Documents and Settings\lolocat\Mes documents\Mes fichiers reçus\photo album.zip
Updated

C:\WINDOWS\system32\mstsdsc.exe
Infected with: Trojan.Downloader.JIOM

C:\WINDOWS\system32\mstsdsc.exe
Disinfection failed

C:\WINDOWS\system32\mstsdsc.exe
Delete failed

C:\WINDOWS\system32\tmwsock.dll
Infected with: Trojan.Downloader.JIOM

C:\WINDOWS\system32\tmwsock.dll
Disinfection failed

C:\WINDOWS\system32\tmwsock.dll
Delete failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 1808)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Mon, 29 Mar 2004 16:51:12 +0200]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 1808)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Mon, 29 Mar 2004 16:51:12 +0200]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 1808)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Mon, 29 Mar 2004 16:51:12 +0200]=>(MIME part)=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 1808)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Mon, 29 Mar 2004 16:51:12 +0200]=>(MIME part)=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 1808)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Mon, 29 Mar 2004 16:51:12 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 1808)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2492)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2492)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2492)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2495)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2495)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2495)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2511)=>[From: "MS Message Storage Service" (MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2511)=>[From: "MS Message Storage Service" (MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2511)=>[From: "MS Message Storage Service" (MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2511)=>[From: "MS Message Storage Service" (MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2511)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2526)=>[Subject: Failure Notice][Date: Thu, 16 Oct 2003 00:38:55 -0500 (CDT)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2526)=>[Subject: Failure Notice][Date: Thu, 16 Oct 2003 00:38:55 -0500 (CDT)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2526)=>[Subject: Failure Notice][Date: Thu, 16 Oct 2003 00:38:55 -0500 (CDT)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2526)=>[Subject: Failure Notice][Date: Thu, 16 Oct 2003 00:38:55 -0500 (CDT)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2526)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2528)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2528)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2528)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2535)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2535)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2535)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)=>[Subject: VIRUS WARNING!: Error Advice][Date: Tue, 14 Oct 2003 11:40:53 +0200]=>(MIME part)=>(message)=>[Subject: Error Advice][Date: Tue, 14 Oct 2003 11:39:50 +0200]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)=>[Subject: VIRUS WARNING!: Error Advice][Date: Tue, 14 Oct 2003 11:40:53 +0200]=>(MIME part)=>(message)=>[Subject: Error Advice][Date: Tue, 14 Oct 2003 11:39:50 +0200]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)=>[Subject: VIRUS WARNING!: Error Advice][Date: Tue, 14 Oct 2003 11:40:53 +0200]=>(MIME part)=>(message)=>[Subject: Error Advice][Date: Tue, 14 Oct 2003 11:39:50 +0200]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)=>[Subject: VIRUS WARNING!: Error Advice][Date: Tue, 14 Oct 2003 11:40:53 +0200]=>(MIME part)=>(message)=>[Subject: Error Advice][Date: Tue, 14 Oct 2003 11:39:50 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)=>[Subject: VIRUS WARNING!: Error Advice][Date: Tue, 14 Oct 2003 11:40:53 +0200]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)=>[Subject: VIRUS WARNING!: Error Advice][Date: Tue, 14 Oct 2003 11:40:53 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2537)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2540)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2540)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2540)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)=>[Subject: VIRUS WARNING!: report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)=>[Subject: VIRUS WARNING!: report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)=>[Subject: VIRUS WARNING!: report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)=>[Subject: VIRUS WARNING!: report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)=>[Subject: VIRUS WARNING!: report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)=>[Subject: VIRUS WARNING!: report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2544)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)=>[Subject: VIRUS WARNING!: Report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: Report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)=>[Subject: VIRUS WARNING!: Report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: Report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)=>[Subject: VIRUS WARNING!: Report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: Report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)=>[Subject: VIRUS WARNING!: Report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)=>[Subject: Report][Date: Tue, 14 Oct 2003 11:53:12 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)=>[Subject: VIRUS WARNING!: Report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)=>[Subject: VIRUS WARNING!: Report][Date: Tue, 14 Oct 2003 11:53:25 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2545)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2557)=>[Subject: Undelivered Mail User unknown][Date: Wed, 08 Oct 2003 21:59:13 -0500 (CDT)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2557)=>[Subject: Undelivered Mail User unknown][Date: Wed, 08 Oct 2003 21:59:13 -0500 (CDT)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2557)=>[Subject: Undelivered Mail User unknown][Date: Wed, 08 Oct 2003 21:59:13 -0500 (CDT)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2557)=>[Subject: Undelivered Mail User unknown][Date: Wed, 08 Oct 2003 21:59:13 -0500 (CDT)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2557)
Updated

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2561)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2561)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2561)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2576)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2576)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2576)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2583)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2583)
Disinfection failed

D:\SAUVEGARDES\mail\Boîte de réception.dbx=>(message 2583)
Deleted

D:\SAUVEGARDES\mail\Boîte de réception.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1214)=>[Subject: Re: Re: Document][Date: Tue, 15 Feb 2005 10:21:03 +0100]=>(MIME part)=>your_document.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1214)=>[Subject: Re: Re: Document][Date: Tue, 15 Feb 2005 10:21:03 +0100]=>(MIME part)=>your_document.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1214)=>[Subject: Re: Re: Document][Date: Tue, 15 Feb 2005 10:21:03 +0100]=>(MIME part)=>your_document.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1214)=>[Subject: Re: Re: Document][Date: Tue, 15 Feb 2005 10:21:03 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1214)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1215)=>[Subject: Re: Your letter][Date: Tue, 15 Feb 2005 17:20:31 +0100]=>(MIME part)=>your_letter.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1215)=>[Subject: Re: Your letter][Date: Tue, 15 Feb 2005 17:20:31 +0100]=>(MIME part)=>your_letter.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1215)=>[Subject: Re: Your letter][Date: Tue, 15 Feb 2005 17:20:31 +0100]=>(MIME part)=>your_letter.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1215)=>[Subject: Re: Your letter][Date: Tue, 15 Feb 2005 17:20:31 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1215)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1216)=>[Subject: Re: Your product][Date: Tue, 15 Feb 2005 15:03:08 +0100]=>(MIME part)=>your_product.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1216)=>[Subject: Re: Your product][Date: Tue, 15 Feb 2005 15:03:08 +0100]=>(MIME part)=>your_product.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1216)=>[Subject: Re: Your product][Date: Tue, 15 Feb 2005 15:03:08 +0100]=>(MIME part)=>your_product.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1216)=>[Subject: Re: Your product][Date: Tue, 15 Feb 2005 15:03:08 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1216)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1218)=>[Subject: Re: Hi][Date: Mon, 14 Feb 2005 20:10:08 +0100]=>(MIME part)=>your_file.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1218)=>[Subject: Re: Hi][Date: Mon, 14 Feb 2005 20:10:08 +0100]=>(MIME part)=>your_file.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1218)=>[Subject: Re: Hi][Date: Mon, 14 Feb 2005 20:10:08 +0100]=>(MIME part)=>your_file.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1218)=>[Subject: Re: Hi][Date: Mon, 14 Feb 2005 20:10:08 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1218)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1219)=>[Subject: Re: Your details][Date: Mon, 14 Feb 2005 19:49:11 +0100]=>(MIME part)=>your_details.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1219)=>[Subject: Re: Your details][Date: Mon, 14 Feb 2005 19:49:11 +0100]=>(MIME part)=>your_details.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1219)=>[Subject: Re: Your details][Date: Mon, 14 Feb 2005 19:49:11 +0100]=>(MIME part)=>your_details.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1219)=>[Subject: Re: Your details][Date: Mon, 14 Feb 2005 19:49:11 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1219)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1234)=>[Subject: Re: My details][Date: Mon, 14 Feb 2005 11:19:12 +0100]=>(MIME part)=>my_details.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1234)=>[Subject: Re: My details][Date: Mon, 14 Feb 2005 11:19:12 +0100]=>(MIME part)=>my_details.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1234)=>[Subject: Re: My details][Date: Mon, 14 Feb 2005 11:19:12 +0100]=>(MIME part)=>my_details.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1234)=>[Subject: Re: My details][Date: Mon, 14 Feb 2005 11:19:12 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1234)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1235)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 13:05:35 +0100]=>(MIME part)=>application.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1235)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 13:05:35 +0100]=>(MIME part)=>application.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1235)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 13:05:35 +0100]=>(MIME part)=>application.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1235)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 13:05:35 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1235)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1236)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 10:54:02 +0100]=>(MIME part)=>application.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1236)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 10:54:02 +0100]=>(MIME part)=>application.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1236)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 10:54:02 +0100]=>(MIME part)=>application.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1236)=>[Subject: Re: Your software][Date: Mon, 14 Feb 2005 10:54:02 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1236)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1240)=>[Subject: Re: Your product][Date: Sun, 13 Feb 2005 17:43:58 +0100]=>(MIME part)=>your_product.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1240)=>[Subject: Re: Your product][Date: Sun, 13 Feb 2005 17:43:58 +0100]=>(MIME part)=>your_product.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1240)=>[Subject: Re: Your product][Date: Sun, 13 Feb 2005 17:43:58 +0100]=>(MIME part)=>your_product.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1240)=>[Subject: Re: Your product][Date: Sun, 13 Feb 2005 17:43:58 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1240)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1242)=>[Subject: Hi][Date: Fri, 11 Feb 2005 18:59:49 +0100]=>(MIME part)=>Notice.zip=>Notice.txt .exe
Infected with: Win32.NetSky.AA@mm.dam

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1242)=>[Subject: Hi][Date: Fri, 11 Feb 2005 18:59:49 +0100]=>(MIME part)=>Notice.zip=>Notice.txt .exe
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1242)=>[Subject: Hi][Date: Fri, 11 Feb 2005 18:59:49 +0100]=>(MIME part)=>Notice.zip=>Notice.txt .exe
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1242)=>[Subject: Hi][Date: Fri, 11 Feb 2005 18:59:49 +0100]=>(MIME part)=>Notice.zip
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1242)=>[Subject: Hi][Date: Fri, 11 Feb 2005 18:59:49 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1242)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1262)=>[Subject: Re: Re: Thanks!][Date: Thu, 3 Feb 2005 18:50:21 +0100]=>(MIME part)=>document.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1262)=>[Subject: Re: Re: Thanks!][Date: Thu, 3 Feb 2005 18:50:21 +0100]=>(MIME part)=>document.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1262)=>[Subject: Re: Re: Thanks!][Date: Thu, 3 Feb 2005 18:50:21 +0100]=>(MIME part)=>document.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1262)=>[Subject: Re: Re: Thanks!][Date: Thu, 3 Feb 2005 18:50:21 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1262)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1264)=>[Subject: Re: Hello][Date: Wed, 2 Feb 2005 20:03:26 +0100]=>(MIME part)=>your_picture.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1264)=>[Subject: Re: Hello][Date: Wed, 2 Feb 2005 20:03:26 +0100]=>(MIME part)=>your_picture.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1264)=>[Subject: Re: Hello][Date: Wed, 2 Feb 2005 20:03:26 +0100]=>(MIME part)=>your_picture.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1264)=>[Subject: Re: Hello][Date: Wed, 2 Feb 2005 20:03:26 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1264)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1267)=>[Subject: Re: Thanks!][Date: Tue, 1 Feb 2005 20:33:40 +0100]=>(MIME part)=>message_part2.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1267)=>[Subject: Re: Thanks!][Date: Tue, 1 Feb 2005 20:33:40 +0100]=>(MIME part)=>message_part2.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1267)=>[Subject: Re: Thanks!][Date: Tue, 1 Feb 2005 20:33:40 +0100]=>(MIME part)=>message_part2.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1267)=>[Subject: Re: Thanks!][Date: Tue, 1 Feb 2005 20:33:40 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1267)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1272)=>[Subject: Re: Here][Date: Mon, 31 Jan 2005 18:37:36 +0100]=>(MIME part)=>yours.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1272)=>[Subject: Re: Here][Date: Mon, 31 Jan 2005 18:37:36 +0100]=>(MIME part)=>yours.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1272)=>[Subject: Re: Here][Date: Mon, 31 Jan 2005 18:37:36 +0100]=>(MIME part)=>yours.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1272)=>[Subject: Re: Here][Date: Mon, 31 Jan 2005 18:37:36 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1272)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1276)=>[Subject: Re: Your document][Date: Sun, 30 Jan 2005 14:21:28 +0100]=>(MIME part)=>your_document.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1276)=>[Subject: Re: Your document][Date: Sun, 30 Jan 2005 14:21:28 +0100]=>(MIME part)=>your_document.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1276)=>[Subject: Re: Your document][Date: Sun, 30 Jan 2005 14:21:28 +0100]=>(MIME part)=>your_document.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1276)=>[Subject: Re: Your document][Date: Sun, 30 Jan 2005 14:21:28 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1276)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1277)=>[Subject: Re: Re: Re: Your document][Date: Sun, 30 Jan 2005 12:35:53 +0100]=>(MIME part)=>document_4351.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1277)=>[Subject: Re: Re: Re: Your document][Date: Sun, 30 Jan 2005 12:35:53 +0100]=>(MIME part)=>document_4351.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1277)=>[Subject: Re: Re: Re: Your document][Date: Sun, 30 Jan 2005 12:35:53 +0100]=>(MIME part)=>document_4351.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1277)=>[Subject: Re: Re: Re: Your document][Date: Sun, 30 Jan 2005 12:35:53 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1277)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1283)=>[Subject: Re: Your letter][Date: Sun, 30 Jan 2005 17:41:10 +0100]=>(MIME part)=>your_letter.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1283)=>[Subject: Re: Your letter][Date: Sun, 30 Jan 2005 17:41:10 +0100]=>(MIME part)=>your_letter.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1283)=>[Subject: Re: Your letter][Date: Sun, 30 Jan 2005 17:41:10 +0100]=>(MIME part)=>your_letter.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1283)=>[Subject: Re: Your letter][Date: Sun, 30 Jan 2005 17:41:10 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1283)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1284)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 14:44:55 +0100]=>(MIME part)=>your_website.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1284)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 14:44:55 +0100]=>(MIME part)=>your_website.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1284)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 14:44:55 +0100]=>(MIME part)=>your_website.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1284)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 14:44:55 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1284)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1285)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 11:27:55 +0100]=>(MIME part)=>your_website.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1285)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 11:27:55 +0100]=>(MIME part)=>your_website.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1285)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 11:27:55 +0100]=>(MIME part)=>your_website.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1285)=>[Subject: Re: Your website][Date: Sun, 30 Jan 2005 11:27:55 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1285)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)=>message.scr
Infected with: Win32.Netsky.P@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)=>message.scr
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure ornics@wanadoo.][Date: Wed, 23 Jun 2004 21:56:54 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)=>[Subject: Undelivered Mail Returned to Sender][Date: Wed, 23 Jun 2004 21:57:05 +0200 (CEST)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1587)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)=>message.scr
Infected with: Win32.Netsky.P@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)=>message.scr
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Mail Delivery (failure do6gh7nh-i0z9jn][Date: Fri, 18 Jun 2004 11:46:33 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)=>(message)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)=>[Subject: Undelivered Mail Returned to Sender][Date: Fri, 18 Jun 2004 11:46:54 +0200 (CEST)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1606)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1660)=>[Subject: Re: Excel file][Date: Sun, 30 May 2004 11:07:08 +0200]=>(MIME part)=>document_excel.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1660)=>[Subject: Re: Excel file][Date: Sun, 30 May 2004 11:07:08 +0200]=>(MIME part)=>document_excel.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1660)=>[Subject: Re: Excel file][Date: Sun, 30 May 2004 11:07:08 +0200]=>(MIME part)=>document_excel.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1660)=>[Subject: Re: Excel file][Date: Sun, 30 May 2004 11:07:08 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1660)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1664)=>[Subject: Re: Your text][Date: Thu, 27 May 2004 15:21:17 +0200]=>(MIME part)=>your_text.pif
Infected with: Win32.Netsky.D@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1664)=>[Subject: Re: Your text][Date: Thu, 27 May 2004 15:21:17 +0200]=>(MIME part)=>your_text.pif
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1664)=>[Subject: Re: Your text][Date: Thu, 27 May 2004 15:21:17 +0200]=>(MIME part)=>your_text.pif
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1664)=>[Subject: Re: Your text][Date: Thu, 27 May 2004 15:21:17 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1664)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1826)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Tue, 30 Mar 2004 15:34:46 +0200]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1826)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Tue, 30 Mar 2004 15:34:46 +0200]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1826)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Tue, 30 Mar 2004 15:34:46 +0200]=>(MIME part)=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1826)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Tue, 30 Mar 2004 15:34:46 +0200]=>(MIME part)=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1826)=>[Subject: Mail Delivery (failure ciocciu@free.fr][Date: Tue, 30 Mar 2004 15:34:46 +0200]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 1826)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2077)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2077)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2077)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2080)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2080)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2080)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2083)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2083)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2083)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2084)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2084)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2084)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2086)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2086)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2086)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2088)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2088)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2088)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2091)=>[Subject: {Virus?} returned mail: user unknown][Date: Wed, 5 Nov 2003 23:13:08 +0100 (CET)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2091)=>[Subject: {Virus?} returned mail: user unknown][Date: Wed, 5 Nov 2003 23:13:08 +0100 (CET)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2091)=>[Subject: {Virus?} returned mail: user unknown][Date: Wed, 5 Nov 2003 23:13:08 +0100 (CET)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2091)=>[Subject: {Virus?} returned mail: user unknown][Date: Wed, 5 Nov 2003 23:13:08 +0100 (CET)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2091)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2096)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2096)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2096)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2108)=>[Subject: Error Letter][Date: Wed, 29 Oct 2003 08:28:32 -0600 (CST)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2108)=>[Subject: Error Letter][Date: Wed, 29 Oct 2003 08:28:32 -0600 (CST)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2108)=>[Subject: Error Letter][Date: Wed, 29 Oct 2003 08:28:32 -0600 (CST)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2108)=>[Subject: Error Letter][Date: Wed, 29 Oct 2003 08:28:32 -0600 (CST)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2108)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2110)=>[Subject: mail returned to sender][Date: Tue, 28 Oct 2003 12:46:07 +0100]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2110)=>[Subject: mail returned to sender][Date: Tue, 28 Oct 2003 12:46:07 +0100]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2110)=>[Subject: mail returned to sender][Date: Tue, 28 Oct 2003 12:46:07 +0100]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2110)=>[Subject: mail returned to sender][Date: Tue, 28 Oct 2003 12:46:07 +0100]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2110)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2112)=>[Subject: Message][Date: Mon, 27 Oct 2003 12:00:11 -0600 (CST)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2112)=>[Subject: Message][Date: Mon, 27 Oct 2003 12:00:11 -0600 (CST)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2112)=>[Subject: Message][Date: Mon, 27 Oct 2003 12:00:11 -0600 (CST)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2112)=>[Subject: Message][Date: Mon, 27 Oct 2003 12:00:11 -0600 (CST)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2112)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2113)=>[Subject: Advice][Date: Mon, 27 Oct 2003 16:25:58 -0600 (CST)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2113)=>[Subject: Advice][Date: Mon, 27 Oct 2003 16:25:58 -0600 (CST)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2113)=>[Subject: Advice][Date: Mon, 27 Oct 2003 16:25:58 -0600 (CST)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2113)=>[Subject: Advice][Date: Mon, 27 Oct 2003 16:25:58 -0600 (CST)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2113)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2118)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2118)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2118)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2122)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2122)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2122)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2130)=>[Subject: error letter][Date: Sat, 18 Oct 2003 14:16:22 -0500 (CDT)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2130)=>[Subject: error letter][Date: Sat, 18 Oct 2003 14:16:22 -0500 (CDT)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2130)=>[Subject: error letter][Date: Sat, 18 Oct 2003 14:16:22 -0500 (CDT)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2130)=>[Subject: error letter][Date: Sat, 18 Oct 2003 14:16:22 -0500 (CDT)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2130)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2131)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2131)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2131)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2133)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2133)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2133)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2134)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2134)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2134)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2135)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2135)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2135)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2136)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2136)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2136)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)=>(message body)
Disinfection failed

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)=>(message body)
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)=>gjrhunh.exe
Infected with: Win32.Swen.A@mm

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)=>gjrhunh.exe
Deleted

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)=>[Subject: Letter][Date: Sat, 11 Oct 2003 08:27:58 -0500 (CDT)]=>(MIME part)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx=>(message 2140)
Updated

D:\SAUVEGARDES\mail\Éléments supprimés.dbx
Update failed



and the HijackThis log


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:02:01, on 17/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\mstsdsc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\lolocat\Mes documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {F5938714-BD46-408A-9842-4058206D37E3} - C:\WINDOWS\Temp\~00754.tmp
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSNS PLUS XP2] inetinfos.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
0

End of the HijackThis log. Thanks again, green day, for helping me clear all this up.



O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmwsock.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{13F3EA0B-0817-4E7B-830A-E2EEB0B5BADE}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{17C0E562-7A8D-425D-8792-EC221410112D}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E2BBD65-E3CA-4AEB-AA3D-1A455B968F2C}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CCABE2-064E-4778-B7F6-4812BE7532A1}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5970EAE-859F-4296-8AAC-664216176BB6}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4BD2A70-4E5E-4797-80A1-70D959A18AF3}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E9C7872-CBB2-4338-ACAC-EFFA5BCA44AC}: NameServer = 85.255.115.42,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\lolocat\LOCALS~1\Temp\dnlsvc.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
0
green day - Posts: 26371 - Registration date: Friday 30 September 2005 - Status: Moderator, Security contributor - Last activity: 27 December 2019 - 2 162
18 April 2007 at 11:09
Hi,

Download l2mfix here:
http://www.downloads.subratam.org/l2mfix.exe
Double-click l2mfix.exe to start the extraction.
In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
Notepad will open with the scan result. Copy and paste the report here.

See you later
0