Sujet Précédent Sujet Suivant

Virus W32.sillyDC puis acces disque refusé

Résolu
jpav Messages postés 25 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Bonjour,
Mon PC (sous XP familial) a été infesté par W32.sillyDC.
Il semble que NORTON l'a éliminé (le scan complet par NORTON et AVAST ne signale plus rien) et l'ordi a l'air de marcher normalement.
NEANMOINS, je n'ai plus acces aux disques C, D et G (un WD externe par USB) par l'icone correspondante du poste d etravail; il me dit "acces disque refusé"; en revanche, je peux accéder à tous mes fichiers par les autres icones ou raccourcis, ou par l'explorateur (ce qui me rassure et me permet de travailler).
Mais, pouvez vous m'aider à
- vérifier si le virus est bien éradiqué
- corriger le pb d'accès aux disques.
Merci d'avance et bonne année à tous (sans virus, si possible !!).
A voir également:

27 réponses

  • 1
  • 2
Réponse 1 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
ok réessai tes lecteurs
1
Réponse 2 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Bienvenue sur le forum d’entraide de CommentCaMarche.net

Nous connaissons votre situation et nous vous conseillons de ne surtout pas vous inquiéter.
De plus, au vu du nombre croissant de désinfections effectuées sur le forum, nous vous demandons un peu de patience et surtout de ne pas créer plusieurs postes pour le même problème.
Merci de votre compréhension.

Télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre-le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
Clique sur "do a system scan and save logfile" (cf démo)
Faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+
0
Réponse 3 / 27
jpav
 
merci Regis 59,
Voilà le rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:40, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\Monitor.exe
C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\RMC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\DOCUME~1\clem\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\Monitor.exe
O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\RMC.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://fr2.mayetic.com/qp2.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 4 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Meilleurs voeux :)

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 27
jpav Messages postés 25 Statut Membre 4
 
Regis59,
Voilà le rapport de COMBOFIX

ComboFix 07-12-31.4 - clem 2008-01-01 19:25:10.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.506 [GMT 1:00]
Running from: C:\Documents and Settings\clem\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data\Starware354
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\748_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\748_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\750_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Green_Card0.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Rencontres0.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware354\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware354\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware354\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354
C:\Documents and Settings\clem\Application Data\Starware354\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\clem\Application Data\Starware354\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Configurator\Configurator.xml
C:\Documents and Settings\clem\Application Data\Starware354\Configurator\Configurator.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Green_Card\Green_CardOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Green_Card\Green_CardOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Layouts\ToolbarLayout.xml
C:\Documents and Settings\clem\Application Data\Starware354\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Manager\ManagerOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Rechercher_de_recettes\Rechercher_de_recettesOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Rechercher_de_recettes\Rechercher_de_recettesOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Recipe_RSS\Recipe_RSSOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Recipe_RSS\Recipe_RSSOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Rencontres\RencontresOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Rencontres\RencontresOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\clem\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\clem\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\Starware354
C:\Program Files\Starware354\icons\star_16.ico
C:\Program Files\Starware354\Starware354Config.xml
C:\Program Files\Starware354\Starware354Uninstall.exe
D:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))))))
.

2008-01-01 19:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 19:08 . 2008-01-01 19:08 <REP> d-------- C:\hijackthis
2008-01-01 18:57 . 2008-01-01 18:57 <REP> d-------- C:\Program Files\CCleaner
2008-01-01 18:14 . 2008-01-01 18:14 <REP> d-------- C:\WINDOWS\LastGood
2008-01-01 18:14 . 2008-01-01 18:14 <REP> d-------- C:\Program Files\Panda Security
2007-12-31 10:37 . 2007-12-31 10:37 <REP> d-------- C:\Program Files\Alwil Software
2007-12-30 21:44 . 2007-12-30 21:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2007-12-30 21:43 . 2007-03-10 16:40 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-30 21:43 . 2007-03-10 16:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-30 21:43 . 2007-03-10 16:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-30 21:43 . 2007-03-10 16:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-30 21:43 . 2007-03-10 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-30 21:43 . 2007-03-10 16:22 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-30 21:43 . 2007-03-10 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-30 21:43 . 2007-03-10 16:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-30 21:43 . 2007-03-10 16:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
2007-12-30 17:56 . 2007-12-30 17:56 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-12-30 13:17 . 2007-12-30 13:17 <REP> d--hs---- C:\FOUND.006
2007-12-30 10:07 . 2007-12-30 10:07 <REP> d--hs---- C:\FOUND.005
2007-12-26 09:13 . 2007-12-26 09:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 09:13 . 2007-12-26 09:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 17:00 . 2007-12-25 17:00 <REP> d-------- C:\Documents and Settings\clem\Application Data\My Games
2007-12-25 16:45 . 2007-12-25 16:45 <REP> d-------- C:\Program Files\Firaxis Games
2007-12-25 16:44 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-10 19:45 . 2007-12-10 19:45 <REP> d--hs---- C:\FOUND.004
2007-12-05 13:55 . 2007-12-05 13:55 <REP> d--hs---- C:\FOUND.003

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 21:27 --------- d-----w C:\Documents and Settings\clem\Application Data\dvdcss
2007-11-28 20:47 --------- d-----w C:\Program Files\Western Digital Technologies
2007-11-24 16:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-24 16:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-24 16:29 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-24 16:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-24 16:04 3,861,320 ----a-w C:\Program Files\eMule0.48a-Installer2.exe
2007-11-24 16:04 --------- d-----w C:\Program Files\eMule
2007-11-24 15:48 --------- d-----w C:\Documents and Settings\clem\Application Data\vlc
2007-11-24 15:38 --------- d-----w C:\Program Files\VideoLAN
2007-11-24 15:31 9,679,815 ----a-w C:\Program Files\vlc-0.8.6c-win32.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 10:24 13,411,824 ----a-w C:\Program Files\Google_Earth_BZXV.exe
2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:49 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-01 13:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 13:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-27 11:57 3,853,117 ----a-w C:\Program Files\setup_oC305PE2.exe
2007-03-23 22:36 1,708,697 ----a-w C:\Program Files\jidelna-v.mov
2007-03-23 11:39 20,928,336 ----a-w C:\Program Files\SkypeSetup.exe
2007-03-14 16:15 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
1999-07-07 01:00 6 --sh--r C:\WINDOWS\@desktop@.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54 172032]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-07-22 14:36 57344]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 06:03 708697]
"Matchlock Scheduling"="C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\Monitor.exe" [2005-07-05 23:22 45056]
"Ulead Remote Control Center"="C:\Program Files\Ulead Systems\Ulead InstaMedia 3.0\RMC.exe" [2005-05-27 08:09 49152]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 12:08 52840]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 14679552 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\clem\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-24 14:41:25]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2007-03-10 16:40:08]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 13:42:30]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-24 14:41:25]
Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 14:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2005-07-06 20:26 102400 --a------ C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
System

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 --a------ C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]
c:\sysprep\patch\sysprep.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"LxrSII1s"=2 (0x2)
"ITECIRService"=2 (0x2)

R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2006-01-10 10:52]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:29]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-06-14 11:12]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys []
S4 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-05-16 14:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a25b81e-6c6e-11dc-8991-0013ce6fb3e6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4473d0e6-da1f-11db-a6ae-0013ce6fb3e6}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81ba20a2-5947-11dc-8953-806d6172696f}]
\Shell\AutoRun\command - D:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad8b8040-cf22-11db-a687-806d6172696f}]
\Shell\AutoRun\command - C:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4731b4-9b71-11dc-8a10-0013ce6fb3e6}]
\Shell\AutoRun\command - G:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

*Newly Created Service* - PROCEXP90
*Newly Created Service* - RKPAVPROC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-14 19:24:56 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - clem.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 19:27:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 19:27:43
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 18:27:42
.
2007-12-31 08:31:34 --- E O F ---

A+

JPAV
0
Réponse 6 / 27
jpav Messages postés 25 Statut Membre 4
 
Regis59,

J'avais lancé un scan online avec Panda avant notre discussion; voilà le rapport avec détection de virus sur mon disque externe G:
Est ce que cela aide ton diagnostic ?

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-01 19:30:42
PROTECTIONS: 1
MALWARE: 40
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton AntiVirus 2006 2005 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@tradedoubler[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@247realmedia[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@tribalfusion[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@mediaplex[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@mediaplex[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@revenue[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@fe.lea.lycos[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@gostats[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@statcounter[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@bs.serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@weborama[5].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@weborama[3].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@facebook[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@adtech[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@fl01.ct2.comclick[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@statse.webtrendslive[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@ads.pointroll[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@overture[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@questionmarket[2].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@adrevolver[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@searchportal.information[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@adviva[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@adviva[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\CLEM\Cookies\clem@smartadserver[4].txt
02887375 Adware/Starware Adware No 0 Yes No C:\System Volume Information\_restore{2A87055D-FCC1-4C83-B05F-7D9EAA393733}\RP198\A0041202.DLL
02888324 Trj/Lineage.GVV Virus/Trojan No 1 Yes No G:\System Volume Information\_restore{C7573461-46F2-4697-9611-314166CD6D59}\RP212\A0017979.INF
02888324 Trj/Lineage.GVV Virus/Trojan No 1 Yes No G:\System Volume Information\_restore{9A6782E4-5778-483D-A0D6-883114E1C06E}\RP257\A0027656.INF
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

JPAV
0
Réponse 7 / 27
jpav Messages postés 25 Statut Membre 4
 
Merci Régis59 ! Super, j'ai à nouveau acès à mes disques !
Mais quid du virus détecté par Panda sur mon disque G: ? Faut-il faire qqchose de plus ?

JPAV
0
Réponse 8 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

J'avais pas vu le rapport, c'est soit des cookies soit localisé dans la restauration systeme donc neutralisés, rien de grave.
Ou en sont tes soucis?

A+
0
Réponse 9 / 27
jpav Messages postés 25 Statut Membre 4
 
Merci beaucoup de ton aide Régis59; le pb d'accès aux disques durs est réglé. C'est parfait.
Pb résolu.
Bonne année et bravo pour ton efficacité dans le dépannage des internautes incompétents ...
A+

JPAV
0
Réponse 10 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re JPAV;

De rien, et desormais attention a tes telechargements et tes surfs ;)

Meilleurs voeux.

A+
0
Réponse 11 / 27
jpav Messages postés 25 Statut Membre 4
 
Régis59,
Visiblement mon pb précédent n'est pas complètement terminé (loin de là); en effet, j'ai un deuxième PC, fixe celui là (par rapport au portable surlequel j'avais le pb précédent); entre les deux j'utilise un disque dur USB transportable.
J'ai branché ce disque transportable sur mon fixe et rebelote il se bloque.
J'ai procédé comme recommandé sur le site en faisant les 4 opérations préalables (ccleaner, avg,bitdefendeer et hijackthis).
Je te poste les reports

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:37:15 03/01/2008

+ Résultat de l'analyse:

HKU\S-1-5-21-725345543-1960408961-2147196821-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7F41B871-1AB8-4721-A304-7B8F25CCB672}\\URL -> Adware.WinFixer : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@2o7[3].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@aolfr.122.2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@adtech[1].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@advertising[2].txt -> TrackingCookie.Advertising : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@adviva[2].txt -> TrackingCookie.Adviva : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@atdmt[3].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@atdmt[1].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@atdmt[1].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@atdmt[3].txt -> TrackingCookie.Atdmt : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@bluestreak[3].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@fastclick[2].txt -> TrackingCookie.Fastclick : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@ehg-danieljouvance.hitbox[2].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@hitbox[1].txt -> TrackingCookie.Hitbox : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@searchportal.information[1].txt -> TrackingCookie.Information : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@revenue[2].txt -> TrackingCookie.Revenue : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@news.skype[1].txt -> TrackingCookie.Skype : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@smartadserver[3].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@m.webtrends[3].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
C:\Documents and Settings\Caroline\Cookies\caroline@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Clémentine\Cookies\clémentine@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@zedo[1].txt -> TrackingCookie.Zedo : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@zedo[2].txt -> TrackingCookie.Zedo : Ignoré.
C:\Documents and Settings\Martine\Cookies\martine@zedo[3].txt -> TrackingCookie.Zedo : Ignoré.

Fin du rapport

BITDEFENDER

BitDefender Online Scanner

Scan report generated at: Thu, Jan 03, 2008 - 22:59:06

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time
02:16:37

Files
635306

Folders
16172

Boot Sectors
7

Archives
105337

Packed Files
17829

Results

Identified Viruses
6

Infected Files
361

Suspect Files
1

Warnings
0

Disinfected
0

Deleted Files
361

Engines Info

Virus Definitions
885280

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\=>Master Boot Record 81
Infected with: Parity_Boot.B (Boot image)

C:\=>Master Boot Record 81
Disinfection failed

C:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

C:\Autorun.inf
Deleted

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Disinfection failed

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Deleted

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)
Updated

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)
Updated

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx
Update failed

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP430\A0104399.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP430\A0104399.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP430\A0104400.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP430\A0104400.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP430\A0104401.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP430\A0104401.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104448.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104448.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104449.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104449.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104453.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104453.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104482.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104482.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104483.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104483.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104484.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP431\A0104484.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104519.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104519.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104520.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104520.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104538.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104538.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104566.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104566.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104567.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104567.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104568.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104568.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104606.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104606.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104607.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104607.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104608.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104608.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104635.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104635.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104636.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104636.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104637.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP432\A0104637.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104654.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104654.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104655.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104655.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104656.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104656.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104693.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104693.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104694.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104694.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104695.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104695.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104723.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104723.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104724.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104724.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104725.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104725.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104743.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104743.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104744.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104744.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104745.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP433\A0104745.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104760.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104760.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104761.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104761.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104762.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104762.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104787.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104787.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104788.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104788.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104789.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP434\A0104789.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104940.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104940.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104941.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104941.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104942.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104942.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104959.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104959.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104960.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104960.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104961.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104961.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104992.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104992.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104993.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104993.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104994.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP435\A0104994.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105006.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105006.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105007.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105007.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105021.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105021.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105022.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105022.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105023.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105023.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105044.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105044.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105045.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105045.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105048.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105048.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105086.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105086.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105087.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105087.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105088.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP436\A0105088.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105101.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105101.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105102.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105102.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105103.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105103.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105156.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105156.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105157.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105157.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105158.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP437\A0105158.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP438\A0105174.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP438\A0105174.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP438\A0105175.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP438\A0105175.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP438\A0105176.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP438\A0105176.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105747.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105747.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105748.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105748.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105933.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105933.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105964.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105964.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105965.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105965.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105966.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105966.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105993.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105993.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105994.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105994.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105995.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0105995.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106016.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106016.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106017.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106017.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106018.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106018.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106038.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106038.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106039.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106039.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106040.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP439\A0106040.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106064.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106064.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106065.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106065.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106066.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106066.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106087.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106087.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106088.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106088.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106089.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0106089.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0107092.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0107092.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0107093.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0107093.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0107094.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP440\A0107094.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107116.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107116.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107117.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107117.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107118.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107118.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107140.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107140.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107141.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107141.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107142.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107142.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107173.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107173.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107174.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107174.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107175.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107175.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107192.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107192.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107193.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107193.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107194.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP441\A0107194.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107231.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107231.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107232.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107232.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107233.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107233.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107253.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107253.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107254.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107254.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107255.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107255.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107282.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107282.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107283.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107283.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107284.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP442\A0107284.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107318.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107318.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107319.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107319.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107320.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107320.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107346.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107346.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107347.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107347.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107348.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107348.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107373.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107373.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107374.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107374.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107375.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107375.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107390.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107390.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107391.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107391.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107392.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107392.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107419.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107419.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107420.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107420.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107421.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107421.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107451.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107451.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107452.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107452.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107453.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107453.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107468.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107468.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107469.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107469.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107470.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP443\A0107470.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107493.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107493.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107494.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107494.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107500.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107500.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107536.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107536.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107537.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107537.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107538.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107538.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107583.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107583.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107584.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107584.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107585.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107585.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107600.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107600.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107601.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107601.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107602.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP444\A0107602.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107627.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107627.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107628.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107628.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107639.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107639.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107676.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107676.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107677.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107677.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107678.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP445\A0107678.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107698.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107698.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107699.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107699.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107700.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107700.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107751.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107751.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107752.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107752.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107753.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107753.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107780.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107780.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107781.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107781.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107782.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP446\A0107782.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107801.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107801.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107802.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107802.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107808.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107808.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107847.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107847.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107848.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107848.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107849.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107849.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107876.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107876.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107877.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107877.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107878.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP447\A0107878.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107911.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107911.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107912.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107912.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107958.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107958.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107959.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107959.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107960.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0107960.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0108002.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0108002.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0108003.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0108003.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0108004.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP448\A0108004.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0108101.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0108101.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0108102.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0108102.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0108103.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0108103.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0109138.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0109138.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0109139.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0109139.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0109140.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP449\A0109140.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109280.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109280.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109281.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109281.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109282.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109282.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP450\A0109298.exe
Infected with: Win32.Wor
0
Réponse 12 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Supprime tout ce que AVG a trouvé.
Et relance un scan AVG et Bitdefender.

A+
0
Réponse 13 / 27
jpav Messages postés 25 Statut Membre 4
 
Régis59,
J'avais déjà supprimé ce que AVG avait détecté avant de lancer bitdefender.
Donc le rapport de bitdefender est après suppression du résultat d'AVG.

Néanmoins, ok, Je relance AVG, puis bitdefender
A+
JPAV
0
Réponse 14 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Ok :)

A+
0
Réponse 15 / 27
jpav Messages postés 25 Statut Membre 4
 
Régis59,
Voilà les deux rapports:
- AVG; j'ai détruit les pb trouvés
- bitdefender

Il n'y a pas l'air d'avoir beaucoup de différences avec le précédent (lrs virus détruits la fois précédente sont revenus !)

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 14:47:23 04/01/2008

+ Résultat de l'analyse:

C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Martine\Cookies\martine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Martine\Cookies\martine@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Jean-Pascal\Cookies\jean-pascal@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Anne-Sophie\Cookies\anne-sophie@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.

Fin du rapport

BitDefender Online Scanner

Scan report generated at: Fri, Jan 04, 2008 - 17:16:39

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time
02:27:29

Files
638424

Folders
16181

Boot Sectors
7

Archives
105361

Packed Files
17902

Results

Identified Viruses
5

Infected Files
9

Suspect Files
1

Warnings
0

Disinfected
0

Deleted Files
9

Engines Info

Virus Definitions
885394

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\=>Master Boot Record 81
Infected with: Parity_Boot.B (Boot image)

C:\=>Master Boot Record 81
Disinfection failed

C:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

C:\Autorun.inf
Deleted

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Disinfection failed

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Deleted

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)
Updated

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx=>(message 8)
Updated

C:\Documents and Settings\Clémentine\Local Settings\Application Data\Identities\{D3D9DC56-81ED-4EFB-855B-0C45074D78E7}\Microsoft\Outlook Express\Clémence (1).dbx
Update failed

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP453\A0109750.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP453\A0109750.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP453\A0109751.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP453\A0109751.exe
Deleted

C:\WINDOWS\Config\Svchost.exe
Infected with: Win32.Worm.VB.NPM

C:\WINDOWS\Config\Svchost.exe
Deleted

C:\WINDOWS\Config\System.exe
Infected with: Win32.Worm.VB.NPM

C:\WINDOWS\Config\System.exe
Deleted

D:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

D:\Autorun.inf
Deleted

E:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

E:\Autorun.inf
Deleted

I:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

I:\Autorun.inf
Deleted

Merci de ton aide.

JPAV
0
Réponse 16 / 27
jpav Messages postés 25 Statut Membre 4
 
Régis59,
J'ai réussi, en suivant les conseils de commentcamarche, à supprimer le virus Parity boot B (merci SOPHOS), et à désinfecter mon disque amoviblke I:.
Mais, je n'arrive pas à me débarrasser de Worm VB-NPM détecté par Bitdefender; à chaque fois, il dit le détruire mais au passage suivant il est toujours là. Je l'ai fait également en mode sans échec.
Comment ce fait-il également qu'il n'est pas détecté par Avast que j'ai en résident.

Je te poste le dernier rapport de bitdefender.

Merci de ton aide.

BitDefender Online Scanner

Scan report generated at: Sat, Jan 05, 2008 - 20:12:54

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

Statistics

Time
01:59:34

Files
634597

Folders
15586

Boot Sectors
5

Archives
105422

Packed Files
18089

Results

Identified Viruses
3

Infected Files
40

Suspect Files
1

Warnings
0

Disinfected
0

Deleted Files
41

Engines Info

Virus Definitions
885548

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

C:\Autorun.inf
Deleted

C:\RECYCLER\S-1-5-21-725345543-1960408961-2147196821-1003\Dc46.dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\RECYCLER\S-1-5-21-725345543-1960408961-2147196821-1003\Dc46.dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Disinfection failed

C:\RECYCLER\S-1-5-21-725345543-1960408961-2147196821-1003\Dc46.dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)=>(message body)
Deleted

C:\RECYCLER\S-1-5-21-725345543-1960408961-2147196821-1003\Dc46.dbx=>(message 8)=>[Subject: Introduction on ADSL][Date: Wed, 2 Apr 2003 11:23:44 +0200 (CEST)]=>(MIME part)
Updated

C:\RECYCLER\S-1-5-21-725345543-1960408961-2147196821-1003\Dc46.dbx=>(message 8)
Updated

C:\RECYCLER\S-1-5-21-725345543-1960408961-2147196821-1003\Dc46.dbx
Update failed

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109965.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109965.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109966.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109966.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109967.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109967.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110206.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110206.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110207.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110207.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110208.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110208.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111206.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111206.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111207.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111207.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111208.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111208.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112227.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112227.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112228.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112228.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112229.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112229.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112685.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112685.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112686.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112686.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112687.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112687.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112805.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112805.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112806.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112806.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112807.inf
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112807.inf
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112826.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112826.exe
Deleted

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112827.exe
Infected with: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112827.exe
Deleted

C:\WINDOWS\Config\Svchost.exe
Infected with: Win32.Worm.VB.NPM

C:\WINDOWS\Config\Svchost.exe
Deleted

C:\WINDOWS\Config\System.exe
Infected with: Win32.Worm.VB.NPM

C:\WINDOWS\Config\System.exe
Deleted

D:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

D:\Autorun.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109970.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109970.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110211.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110211.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111211.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111211.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112232.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112232.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112242.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112242.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112690.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112690.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112810.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112810.inf
Deleted

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112830.inf
Infected with: Win32.Worm.VB.NPM

D:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112830.inf
Deleted

E:\Autorun.inf
Infected with: Win32.Worm.VB.NPM

E:\Autorun.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109973.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP456\A0109973.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110214.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0110214.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111213.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0111213.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112234.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP459\A0112234.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112693.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP461\A0112693.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112813.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112813.inf
Deleted

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112833.inf
Infected with: Win32.Worm.VB.NPM

E:\System Volume Information\_restore{04145840-F5E0-4D8E-BD28-8FF67159EA53}\RP462\A0112833.inf
Deleted

@+
JPAV
0
Réponse 17 / 27
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
oK

Branche tes disques amovibles.

Execute ceci:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

A+
0
Réponse 18 / 27
jpav Messages postés 25 Statut Membre 4
 
Régis59,
Ok, c'est fait.
Faut-il que je relance bitdefender, pour vérifier?

JPAV
0
Réponse 19 / 27
jpav Messages postés 25 Statut Membre 4
 
Régis,
J'ai relancé bitdefender, mais il trouve toujours le même virus VORM VB NPM sur mes disques C, D et E
Quoi faire ? Pourquoi AVAST ne détecte rien ?

JPAV
0
Réponse 20 / 27
jpav Messages postés 25 Statut Membre 4
 
régis59,

J'ai trouvé ça

http://blog.logout.fr/2008/01/wormwin32autorun/#links

je l'ai appliqué et cela semble marcher; l'avenir me le dira !
cela peut servir à d'autres !

JPAV
0

Discussions similaires

W32 L32: correspondance entre taille US et taille française
efg -
sibel -

6 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses