Ca rame encore

Question

Bonjour, J'ai suivi les instructions données sur la page "Astuces [Virus] Méthode préliminaire de désinfection - Version Fr" Depuis, mon pc rame moins, mais c'est encore bien lent (plus de 4 minutes pour démarrer). Merci d'avance pour votre aide. Ci-dessous les logs : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 13:07:38 15/12/2007 + Résultat de l'analyse: :mozilla.10:C:\Documents and Settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\lekh8tt2.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise. Fin du rapport BitDefender Online Scanner -Scan Report

BitDefender Online Scanner

Scan report generated at: Sat, Dec 15, 2007 - 16:05:09

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time	02:50:30
Files	491484
Folders	6395
Boot Sectors	3
Archives	14131
Packed Files	13159

Results
Identified Viruses	5
Infected Files	29
Suspect Files	0
Warnings	0
Disinfected	0
Deleted Files	29

Engines Info
Virus Definitions	882397
Engine build	AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins	14
Archive plugins	38
Unpack plugins	7
E-mail plugins	6
System plugins	1

Scan Settings
First Action	Disinfect
Second Action	Delete
Heuristics	Yes
Enable Warnings	Yes
Scanned Extensions	*;
Exclude Extensions
Scan Emails	Yes
Scan Archives	Yes
Scan Packed	Yes
Scan Files	Yes
Scan Boot	Yes

Scanned File	Status
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 12:20:02 GMT]=>(MIME part)=>reg_pass-data.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 12:20:02 GMT]=>(MIME part)=>reg_pass-data.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 12:20:02 GMT]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 15:36:41 GMT]=>(MIME part)=>reg_pass.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 15:36:41 GMT]=>(MIME part)=>reg_pass.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 15:36:41 GMT]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)=>[Subject: Registration Confirmation][Date: Thu, 01 Dec 2005 10:21:09 GMT]=>(MIME part)=>reg_pass-data.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)=>[Subject: Registration Confirmation][Date: Thu, 01 Dec 2005 10:21:09 GMT]=>(MIME part)=>reg_pass-data.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)=>[Subject: Registration Confirmation][Date: Thu, 01 Dec 2005 10:21:09 GMT]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)=>[Subject: Mail delivery failed][Date: Mon, 05 Dec 2005 16:25:25 GMT]=>(MIME part)=>mail.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)=>[Subject: Mail delivery failed][Date: Mon, 05 Dec 2005 16:25:25 GMT]=>(MIME part)=>mail.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)=>[Subject: Mail delivery failed][Date: Mon, 05 Dec 2005 16:25:25 GMT]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)=>[Subject: hi,_ive_a_new_mail_address][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>mailtext.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)=>[Subject: hi,_ive_a_new_mail_address][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>mailtext.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)=>[Subject: hi,_ive_a_new_mail_address][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)=>[Subject: Registration Confirmation][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>reg_pass.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)=>[Subject: Registration Confirmation][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>reg_pass.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)=>[Subject: Registration Confirmation][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)=>[Subject: hi, ive a new mail address][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>mailtext.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)=>[Subject: hi, ive a new mail address][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>mailtext.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)=>[Subject: hi, ive a new mail address][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)=>question_list270.zip	Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)=>question_list270.zip	Deleted
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)	Updated
C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)	Updated
C:\Documents and Settings\Proprietaire\Application Data\

olly3 · Answer

Bonjour, tu devrais exporter ton rapport en .txt et copier/coller le .txt ici ce serait plus lisible.

Hervé · Answer

Je n'ai pas réussi à avoir le rapport (en txt) autrement. Je l'ai donc renommé en HTML et l'ai copié. Est-il assez lisible ? 

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	13:07:38 15/12/2007

 + Résultat de l'analyse:	



:mozilla.10:C:\Documents and Settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\lekh8tt2.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.


Fin du rapport


BitDefender Online Scanner
	

 
	

 

Scan report generated at: Sat, Dec 15, 2007 - 16:05:09

 
	

 
	

 

Scan path: A:\;C:\;D:\;E:\;F:\;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

02:50:30

Files
	

491484

Folders
	

6395

Boot Sectors
	

3

Archives
	

14131

Packed Files
	

13159
	

 
	

 

Results

Identified Viruses
	

5

Infected Files
	

29

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

29
	

 
	

 

Engines Info

Virus Definitions
	

882397

Engine build
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

7

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 12:20:02 GMT]=>(MIME part)=>reg_pass-data.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 12:20:02 GMT]=>(MIME part)=>reg_pass-data.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 12:20:02 GMT]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 33)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)=>reg_pass.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 13:22:41 GMT]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 34)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 15:36:41 GMT]=>(MIME part)=>reg_pass.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 15:36:41 GMT]=>(MIME part)=>reg_pass.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)=>[Subject: Registration Confirmation][Date: Tue, 29 Nov 2005 15:36:41 GMT]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 35)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)=>[Subject: Registration Confirmation][Date: Thu, 01 Dec 2005 10:21:09 GMT]=>(MIME part)=>reg_pass-data.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)=>[Subject: Registration Confirmation][Date: Thu, 01 Dec 2005 10:21:09 GMT]=>(MIME part)=>reg_pass-data.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)=>[Subject: Registration Confirmation][Date: Thu, 01 Dec 2005 10:21:09 GMT]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 42)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 48)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)=>reg_pass-data.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)=>[Subject: Registration Confirmation][Date: Sat, 03 Dec 2005 13:04:06 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 49)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)=>[Subject: Mail delivery failed][Date: Mon, 05 Dec 2005 16:25:25 GMT]=>(MIME part)=>mail.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)=>[Subject: Mail delivery failed][Date: Mon, 05 Dec 2005 16:25:25 GMT]=>(MIME part)=>mail.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)=>[Subject: Mail delivery failed][Date: Mon, 05 Dec 2005 16:25:25 GMT]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 51)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>list.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)=>[Subject: You visit illegal websites][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 52)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)=>[Subject: hi,_ive_a_new_mail_address][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>mailtext.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)=>[Subject: hi,_ive_a_new_mail_address][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)=>mailtext.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)=>[Subject: hi,_ive_a_new_mail_address][Date: Mon, 05 Dec 2005 17:23:22 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 53)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)=>[Subject: Registration Confirmation][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>reg_pass.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)=>[Subject: Registration Confirmation][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>reg_pass.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)=>[Subject: Registration Confirmation][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 54)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)=>[Subject: hi, ive a new mail address][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>mailtext.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)=>[Subject: hi, ive a new mail address][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)=>mailtext.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)=>[Subject: hi, ive a new mail address][Date: Mon, 05 Dec 2005 18:12:35 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 55)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)=>question_list270.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)=>question_list270.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 56)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 57)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)=>list459.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 57)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)=>list459.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 57)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:01:35 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 57)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 58)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:49:43 UTC]=>(MIME part)=>question_list.zip
	

Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 58)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:49:43 UTC]=>(MIME part)=>question_list.zip
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 58)=>[Subject: Your IP was logged][Date: Mon, 05 Dec 2005 19:49:43 UTC]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 58)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 106)=>[Subject: hi][Date: Thu, 12 Jan 2006 15:11:05 +0100]=>(MIME part)=>webcam.zip=>webcam.txt.com
	

Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 106)=>[Subject: hi][Date: Thu, 12 Jan 2006 15:11:05 +0100]=>(MIME part)=>webcam.zip=>webcam.txt.com
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 106)=>[Subject: hi][Date: Thu, 12 Jan 2006 15:11:05 +0100]=>(MIME part)=>webcam.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 106)=>[Subject: hi][Date: Thu, 12 Jan 2006 15:11:05 +0100]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 106)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 110)=>[Subject: take it][Date: Sun, 15 Jan 2006 16:08:54 +0100]=>(MIME part)=>yours.zip=>yours.doc.exe
	

Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 110)=>[Subject: take it][Date: Sun, 15 Jan 2006 16:08:54 +0100]=>(MIME part)=>yours.zip=>yours.doc.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 110)=>[Subject: take it][Date: Sun, 15 Jan 2006 16:08:54 +0100]=>(MIME part)=>yours.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 110)=>[Subject: take it][Date: Sun, 15 Jan 2006 16:08:54 +0100]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 110)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 112)=>[Subject: question][Date: Tue, 17 Jan 2006 19:28:19 +0100]=>(MIME part)=>yours_regards.doc.exe
	

Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 112)=>[Subject: question][Date: Tue, 17 Jan 2006 19:28:19 +0100]=>(MIME part)=>yours_regards.doc.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 112)=>[Subject: question][Date: Tue, 17 Jan 2006 19:28:19 +0100]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 112)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 352)=>[Subject: fake][Date: Sat, 1 Jul 2006 09:43:48 +0300]=>(MIME part)=>location.txt.exe
	

Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 352)=>[Subject: fake][Date: Sat, 1 Jul 2006 09:43:48 +0300]=>(MIME part)=>location.txt.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 352)=>[Subject: fake][Date: Sat, 1 Jul 2006 09:43:48 +0300]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 352)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>archstored:webcam_doc.htm.exe
	

Infected with: Win32.Netsky.C@mm.Damaged

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>archstored:webcam_doc.htm.exe
	

Disinfection failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>archstored:webcam_doc.htm.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip
	

Update failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>webcam_doc.htm.exe
	

Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>webcam_doc.htm.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox=>(message 353)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 26)=>[Subject: fake][Date: Sat, 1 Jul 2006 09:43:48 +0300]=>(MIME part)=>location.txt.exe
	

Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 26)=>[Subject: fake][Date: Sat, 1 Jul 2006 09:43:48 +0300]=>(MIME part)=>location.txt.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 26)=>[Subject: fake][Date: Sat, 1 Jul 2006 09:43:48 +0300]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 26)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>archstored:webcam_doc.htm.exe
	

Infected with: Win32.Netsky.C@mm.Damaged

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>archstored:webcam_doc.htm.exe
	

Disinfection failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>archstored:webcam_doc.htm.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip
	

Update failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>webcam_doc.htm.exe
	

Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip=>webcam_doc.htm.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)=>webcam_doc.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)=>[Subject: excuse me][Date: Sat, 1 Jul 2006 10:19:42 +0300]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk=>(message 27)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\Local Folders\Junk
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox=>(message 886)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Infected with: Trojan.Pandex.M

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox=>(message 886)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Disinfection failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox=>(message 886)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox=>(message 886)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox=>(message 886)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox=>(message 886)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Inbox
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash=>(message 629)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Infected with: Trojan.Pandex.M

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash=>(message 629)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Disinfection failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash=>(message 629)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash=>(message 629)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash=>(message 629)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash=>(message 629)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Trash
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk=>(message 425)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Infected with: Trojan.Pandex.M

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk=>(message 425)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Disinfection failed

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk=>(message 425)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip=>game.exe
	

Deleted

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk=>(message 425)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)=>game.zip
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk=>(message 425)=>[Subject: Something hot][Date: Wed, 29 Aug 2007 12:47:02 +0000]=>(MIME part)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk=>(message 425)
	

Updated

C:\Documents and Settings\Proprietaire\Application Data\Thunderbird\Profiles\8jemx70y.default\Mail\pop.free-2.fr\Junk
	

Updated
	

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:28, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\EasyBox\Apache\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EasyBox\Apache\Apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EasyBox\EasyBox.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\EasyBox\VLC\VLC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LanceurEasyBox] "C:\Program Files\EasyBox\EasyBox.exe" -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093681152234
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EasyBoxApache - Apache Software Foundation - C:\Program Files\EasyBox\Apache\Apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

olly3 · Answer

Bonsoir, tu peux déjà fixer ça avec Hijackthis :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 

Ben dis, ton Thunderbird était blindé de bestioles !! 
Apparemment c'est au démarrage que ton PC est lent alors installe Autoruns : http://download.sysinternals.com/Files/Autoruns.zip

Tu auras un onglet nommé "Logon" c'est tout ce que lance ton ordi au démarrage... examine chaque ligne une par une et décoche les processus inutiles ( genre ta webcam si tu t'en sers tous les 2 ans, inutile qu'elle lance un process à chaque démarrage...) tu devrais gagner du temps.

Pour vérifier les infections hors Thunderbird, as-tu utilisé navilog ou combofix dans ta première "bataille "??

Hervé · Answer

Bonjour

Exuse moi mais je ne comprend pas ce que tu veux dire par "Tu peux déjà fixer ça avec Hijackthis :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)"

Il semblerait que le problème de démarrage lent se produit avant le lancement de windows (2 mn entre la mise sous tension et l'affichage de "bienvenue".

Je n'ai pas utilisé navilog ni combofix. j'ai juste suivi bêtement la procédure expliquée sur le site.

olly3 · Answer

Pardonne moi j'avais cru que ton rapport d'AVG Antispyware était un log fait par Hijackyhis( j'ai vu que tu l'avais sur ton ordi). Quand tu fais un hjt, tu peux cocher certaines lignes et les fix ( Fix selected items, c'est l'instruction)  et la ligne en question ne te sert à rien.

Je ne suis pas un expert, mais voici quelques idées qui ne te coûteront pas cher :
- si c'est très lent avant le lancement de windows, peut etre ton disque dur commence t il a être plein de vide: l'as-tu déjà défragment é ? La défragmentation permet d'aller un peu plus vite, bien des gens n'en font pourtant jamais.

- au cas où tu aies qqchose dans ton ordi qui le fasse ramer ( spy, malware..ou autre) peux tu télécharger Navilog : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe  et enregistre-le sur ton bureau.

Ensuite double clique sur l’icône "Navilog1.exe " pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.

(Si ce n'est pas le cas, vas dans le poste de travail, en double-cliquant sur le fichier « navilog1.bat » se trouvant dans %program files%Navilog1).

Laisse-toi guider.
Au menu principal, choisis 1 et valide.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le bloc-notes.

Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

Hervé · Answer

Je défragmente de temps en temps mon disque dur. Ca apporte un petit plus mais ce n'est pas la panacée.
J'ai exécuté navilog dont voici le rapport :

Search Navipromo version 3.3.8 commencé le 16/12/2007 à  8:31:23,07

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : FAT32

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Proprietaire\application data" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Proprietaire\local settings\application data" * 



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Proprietaire\local settings\application data" : 


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :



*** Analyse terminée le 16/12/2007 à  8:35:42,56 ***

olly3 · Answer

Si tu penses vraiment que ta lenteur est due à un spy, réexécute Navilog avec l'option 2 cette fois ( Nettoyer ), puis télécharge et exécute CCleaner pour nettoyer les fichiers temporaires. 

Sinon, puisque chaque antivirus a ses points forts et faibles, en complément à ton scan online avec Bitdefender et quitte à désinstaller/réinstaller après ton AVG7, tu peux 
télécharger Kaspersky Internet Security 30days Trial (gratuit)
https://www.kaspersky.fr/downloads?chapter=186498691
 et faire une analyse complète de ton Poste de travail, on verra bien ce qu'il trouve.

De plus tu peux paramétrer une analyse des objets au démarrage seulement si tu penses qu'un des process au démarrage est infecté.

Après si tout ça n'est qu'un léger mieux et que ton souci se passe avant le boot de windows, je ne peux pas t'aider davantage, désolé. Mais il y a bien des gens beaucoup plus pointus que moi qui le pourront sûrement ( poste plutot sur le forum Windows que le Sécurité à ce moment, peut-être).

Bonsoir.

Hervé · Answer

Bonjour
Je suivrai tes conseils ce soir (là je suis au boulot).
Merci encore pour ton aide.
Bonne jounée

Ca rame encore

8 réponses

Votre réponse

Discussions similaires

Newsletters