Trojan, virus, worm and spyware pack

nicotitan

Hello,

I am asking for help to eradicate several nasty critters (Trojan horse, virus, spyware, worms, the whole lot!!!) because I can't take it any more; they are wearing out my strength and my abilities.

Historically, Destroy spotted Torpig (2 files in Temp that were transmitting my personal information), which I think I eradicated after a hard fight, but I have gone from one disappointment to another: while installing various programs to get rid of it, I discovered plenty of others.

I followed several procedures (in safe mode); the critters seem dead, but at the very first Internet connection the antivirus panics and announces the big comeback of the critters.

That shows my cleaning is not great. But I have the feeling that the root of the problem is not the Trojan horses or worms that I detect and delete each time, but rather another one that I do not detect and that calls them back at the first connection.

Further down I detail the list of critters and the list of software already used and the reports produced. One last detail: I also updated Windows, Firefox, AntiVir, … but the ZoneAlarm update failed, so I currently have no firewall.
Recently the computer has been shutting down by itself (only when it is connected to the Internet, it seems), initiated by Autorité NT \ System, with a one-minute countdown, and then the computer restarts.

Here is a list of the critters identified by AntiVir that I delete regularly without success (sometimes in quarantine):
- Crypt.Xpack.gen
- Crypt.NSPI.gen
- Crypt.ULPM.gen
- W32/Virut.gen
- W32/VirutH
- W32/Virut.U

- Vundo.gen
- Fotomoto.F.1 (the ones above are frequent, the following ones are rarer)

- Dldr.injecter.dc
- Dldr.Agent.fsi
- Dldr.Agent.sfa
- Dldr.conhook.gen
- Qhost.AEI.30
- Rootkit.gen
- Agent.oda.2
- Worm/Rbot…
- Worm/Allaple
- Worm/IrcBot…
- SCKeylogger
- Favadd.BF
- W95/blumblebee.1738 (during the Panda online scan)
- …

Software already used: in normal mode, in safe mode, in no particular order:
- Spybot - Search & Destroy
- CCleaner
- AVG Anti-Spyware
- AntiVir PersonalEdition Classic (running continuously + scans)
- Zone Alarm (old version, running continuously) (but now uninstalled)
- HijackThis
- VundoFix (never spotted anything)
- Online scan by Panda (failed completely)

The reports:

AntiVir PersonalEdition Classic
Report file date: samedi 12 avril 2008 18:18

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: Administrateur
Computer name: GUGUS-UVF85WAAW

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:07:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 19:54:14
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 19:54:14
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 11/04/2008 19:54:15
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 04/04/2008 21:07:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 12 avril 2008 18:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '55' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-1.fr\Trash
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.W
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\WINDOWS\system32\aof.exe
[DETECTION] Contains code of the Windows virus W32/Virut.U
[INFO] The file was deleted!
C:\WINDOWS\system32\mp32s.sys
[WARNING] The file could not be opened!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\' <Kit Free>
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: samedi 12 avril 2008 20:39
Used time: 2:21:34 min

The scan has been done completely.

5658 Scanning directories
468698 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
468696 Files not concerned
1731 Archives were scanned
3 Warnings
13 Notes

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:45:59 12/04/2008

+ Résultat de l'analyse:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Erreur lors du nettoyage.
HKU\S-1-5-21-823518204-1336601894-839522115-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\lulu\Cookies\lulu@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.8:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\lulu\Cookies\lulu@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.21:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.23:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.24:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\lulu\Cookies\lulu@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.25:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.26:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.13:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.14:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.15:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.16:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.17:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.18:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.19:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.20:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.27:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.28:C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:17, on 13/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\ECB.exe
C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\sstray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eCarteBleue-LPV-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Le Clavier Façile.lnk = C:\FRANCOIS\TYPING\FLYING.EXE
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bentleymc.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24FB6991-8987-4139-BFA6-B48B1D274003}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABDA0-01FE-43C6-968F-BDA1EE10ABB5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E1BE6F3-9F05-47A3-A6B0-E7BF303E46D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9FAD541-DDDD-4F84-8DCD-0360AAD6CA16}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS5\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS6\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS7\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS8\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

14 replies

Anonymous user

hi

Update everything, then restart the computer in safe mode, then run the scans with AntiVir, Spybot and AVG Anti-Spyware, then delete everything they find.

Configuring AntiVir properly:

Once AntiVir is open, click on Configuration and tick the "expert mode" box; then, on the Scanner tab, in the window below, you will see "rootkit search": click the small + to expand it and tick the box next to your hard disk.
Then click on Configuration at the top right; in the new window, on the left, > scanner > tick "scan all files" and, below, > scanner priority = High.
Tick "allow stopping the scanner"; that way you can pause during the scan if you wish.
Then, on the right, tick the following boxes:
- scan boot sectors of selected drives
- scan master boot sectors
- scan memory
- search for rootkit before scan
Untick:
- ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and, below, > win32 heuristic box ticked and high detection level
0
nicotitan
 
OK, but it will take me a few hours.
See you soon, and thanks for giving me a hand,
but if I am puzzled by the results...
Thanks, see you later
0
sniper94
 
You can delete a lot of things in your HijackThis log: tick the following boxes and click "fix checked".
I am sure about these ones (you can delete them without any problem).

- R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

- O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab

- O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab

- O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

- O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

- O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

- O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

- O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab

- O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

- O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab

- O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

- O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

- O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx

- O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab

- O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bentleymc.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab

I give up (phew), your report is a real labyrinth (the first time I have seen such a complex report); you can nevertheless delete the ones above.
0
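
An added example, not part of the thread and not HijackThis code: a small Python triage of HijackThis lines like those in the log of the first post. It lists entries whose target is `(no file)`, such as the R3 entry named above, and compares the O17 `NameServer` values stored in each control set against the current one (`CCS`); the function names are hypothetical and the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# O17 body: control set (CCS = current, CSn = ControlSet00n), key, resolver list.
O17_RE = re.compile(
    r"^HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\(?P<key>.+?): "
    r"NameServer = (?P<servers>.+)$"
)


def parse_entries(log):
    """Return (section_code, body) for every line that looks like an entry."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def resolvers_by_control_set(log):
    """Map each control set to the set of DNS resolvers its O17 lines name."""
    result = defaultdict(set)
    for code, body in parse_entries(log):
        if code != "O17":
            continue
        match = O17_RE.match(body)
        if not match:
            continue
        # HijackThis prints the value as stored: comma or space separated.
        servers = re.split(r"[,\s]+", match.group("servers").strip())
        result[match.group("cs")].update(s for s in servers if s)
    return dict(result)


def divergent_control_sets(log, reference="CCS"):
    """Control sets holding resolvers that the reference control set lacks."""
    by_cs = resolvers_by_control_set(log)
    baseline = by_cs.get(reference, set())
    report = {}
    for control_set, servers in sorted(by_cs.items()):
        extra = servers - baseline
        if control_set != reference and extra:
            report[control_set] = sorted(extra)
    return report


def orphaned_entries(log):
    """Entries whose target file no longer exists, as HijackThis marks them."""
    return [
        f"{code} - {body}"
        for code, body in parse_entries(log)
        if body.endswith("(no file)")
    ]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", entry)
    for control_set, servers in divergent_control_sets(SAMPLE_LOG).items():
        print(f"{control_set}: resolvers not in CCS -> {', '.join(servers)}")
```

Run over the full log from the first post, the same comparison reports CS1, CS5, CS6 and CS7 as holding resolvers that CCS does not; any such value should be checked against the DNS servers the ISP or administrator actually assigned.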
nicotitan
 
Hi,

I have done all these actions; for now it is fine, but for how long?
I am posting the reports below: from AntiVir (which found nothing); no Spybot report (I could not find how to produce a report), but it found and deleted SCKeylogger in C:Windows\System32\SBI$546AC3B1.exe and Win32Tiny.abk in C:Windows\Temp\7CF28762C38CA0D4.tmp; then the AVG Anti-Spyware report, which deleted several medium-risk files, but one high-risk: Root.kit.Agent.qz. Then, the HijackThis report after cleaning.

Thank you for your help; I am going to try to download a firewall, and I will keep you posted if a virus, spyware, Trojan or anything else shows up.

AntiVir PersonalEdition Classic
Report file date: dimanche 13 avril 2008 13:29

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: Administrateur
Computer name: GUGUS-UVF85WAAW

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:07:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 19:54:14
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 19:54:14
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 11/04/2008 19:54:15
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 04/04/2008 21:07:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 13 avril 2008 13:29

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '55' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-1.fr\Trash
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.W
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\WINDOWS\system32\mp32s.sys
[WARNING] The file could not be opened!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\' <Kit Free>
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: dimanche 13 avril 2008 15:51
Used time: 2:21:57 min

The scan has been done completely.

5710 Scanning directories
469963 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
469962 Files not concerned
1750 Archives were scanned
3 Warnings
13 Notes

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:10:06 13/04/2008

+ Résultat de l'analyse:

C:\Program Files\Helper\superfindout.dll.vir -> Not-A-Virus.Adware.BHO : Aucune action entreprise.
C:\Documents and Settings\lulu\Application Data\install_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Aucune action entreprise.
C:\System Volume Information\_restore{F5B32D8C-90F2-4B1D-BB1D-035BC8A5CFDA}\RP8\A0008370.sys -> Rootkit.Agent.qz : Aucune action entreprise.
C:\Documents and Settings\lulu\Cookies\lulu@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\lulu\Cookies\lulu@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\lulu\Cookies\lulu@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\lulu\Cookies\lulu@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

Fin du rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:08, on 13/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eCarteBleue-LPV-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bentleymc.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24FB6991-8987-4139-BFA6-B48B1D274003}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABDA0-01FE-43C6-968F-BDA1EE10ABB5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E1BE6F3-9F05-47A3-A6B0-E7BF303E46D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9FAD541-DDDD-4F84-8DCD-0360AAD6CA16}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS5\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS6\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS7\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS8\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0

sniper94 Posts: 507 Status: Member 23
 
Fix these items:

- O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab

- O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab

- O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

- O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

- O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

- O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

- O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab

- O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

- O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab

- O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

- O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

- O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx

- O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab

- O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bentleymc.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab

Download A-squared Free (excellent) and run a detailed scan: http://www.commentcamarche.net/telecharger/telecharger 224 a squared

Then tell me what it found.
0
nicotitan
 
Sorry, I had posted the old report instead of the new one, so here it is.
Also, I tried again to install ZoneAlarm without success, so I uninstalled it (each time Spybot asked me for permission to modify the registry, which I granted), then it asked for a restart, OK, and after the restart AntiVir detected 2 Virut.U!!! which I deleted. For now the Internet connection is holding up, and the computer no longer shuts down after a few minutes.
Thanks again for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:12, on 13/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\ECB.exe
C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\sstray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\ftp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\ftp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eCarteBleue-LPV-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-823518204-1336601894-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-1336601894-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-823518204-1336601894-839522115-1003 Startup: Le Clavier Façile.lnk = C:\FRANCOIS\TYPING\FLYING.EXE (User '?')
O4 - S-1-5-21-823518204-1336601894-839522115-1003 Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe (User '?')
O4 - S-1-5-21-823518204-1336601894-839522115-1003 Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe (User '?')
O4 - Startup: Le Clavier Façile.lnk = C:\FRANCOIS\TYPING\FLYING.EXE
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24FB6991-8987-4139-BFA6-B48B1D274003}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABDA0-01FE-43C6-968F-BDA1EE10ABB5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E1BE6F3-9F05-47A3-A6B0-E7BF303E46D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9FAD541-DDDD-4F84-8DCD-0360AAD6CA16}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS5\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS6\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.116.92 85.255.112.146
O17 - HKLM\System\CS7\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 85.255.116.92,85.255.112.146
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS8\Services\Tcpip\..\{1218D00A-19B0-4F08-B8AD-3295EA7D0689}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
sniper94 Posts: 507 Status: Member 23
 
Then fix these:

- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)

- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)

- O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)

Download A-squared Free (excellent) and run a detailed scan: https://www.commentcamarche.net/telecharger/ 224 a squared

Run an online scan: http://www.bitdefender.fr/scan_fr/scan8/ie.html

When done, tell me what a-squared found, and for BitDefender paste the report.
0
nicotitan
 
I did everything as instructed
(the first link no longer works, but I found it);
here are the 2 reports. I don't know what to do with a-squared (can I delete everything)?
Otherwise, the catch seems to have been good.
I await your advice, and once again many thanks.

Version - a-squared Free 3.5
Dernière mise à jour : 13/04/2008 21:58:29

Paramètres du Scan :

Éléments : Mémoire, Traces, Cookies, C:\
Analyse les archives : Marche
Analyse heuristiques : Marche
Analyse ADS : Marche

Début de l'analyse : 13/04/2008 22:11:57

c:\program files\helper Objets détectés : Trace.Directory.I-Spy
c:\windows\system32\bhoecart.dll Objets détectés : Trace.File.Suspicious
c:\windows\gvcasinos.ini Objets détectés : Trace.File.Grace Casino
Value: HKEY_USERS\S-1-5-21-823518204-1336601894-839522115-1003\Software\BST\bsplayerv1 --> AppPath Objets détectés : Trace.Registry.BSplayer
Value: HKEY_USERS\S-1-5-21-823518204-1336601894-839522115-1003\Software\BST\bsplayerv1 --> AppVer Objets détectés : Trace.Registry.BSplayer
Value: HKEY_USERS\S-1-5-21-823518204-1336601894-839522115-1003\Software\WINSOS\WINSOS\ballon --> Checksum Objets détectés : Trace.Registry.WinSOS
Value: HKEY_USERS\S-1-5-21-823518204-1336601894-839522115-1003\Software\WINSOS\WINSOS\ballon --> MaximiseeOuverture Objets détectés : Trace.Registry.WinSOS
Value: HKEY_USERS\S-1-5-21-823518204-1336601894-839522115-1003\Software\WINSOS\WINSOS\ballon --> PositionOuverture Objets détectés : Trace.Registry.WinSOS

Analysé

Fichiers : 251441
Traces : 396550
Cookies : 7
Processus : 52

Objets trouvés

Fichiers : 65
Traces : 13
Cookies : 0
Processus : 0
Clés du Registre : 0

Fin de l'analyse : 13/04/2008 23:45:49
Temps de l'analyse : 1:33:52

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

BitDefender Online Scanner

Rapport d'analyse généré à: Mon, Apr 14, 2008 - 00:34:31

Voie d'analyse: A:\;C:\;D:\;E:\;

Statistiques

Temps: 00:39:28
Fichiers: 73516
Directoires: 5813
Secteurs de boot: 2
Archives: 1509
Paquets programmes: 6875

Résultats

Virus identifiés: 3
Fichiers infectés: 48
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 48

Info sur les moteurs

Définition virus: 1142355
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 41
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse

Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé
Statut

nicotitan
 
I deleted a few files with a-squared and put other, less dangerous ones in quarantine!
But I still can't install ZoneAlarm.
The error message is the following:
L'application n'a pas réussi à s'initialiser correctement (0xc0000142). Cliquez sur OK pour arrêter l'application.
Good night, and see you tomorrow for the next steps.
sniper94
 
Everything a-squared found, you can delete. Bitdefender didn't manage to delete a few of them (4), but the fact that all of that was detected by the two of them is already really good (it shows that your computer is a "mess" ^^ it's a playground for viruses etc. XD). Doesn't your computer feel a lot better?

Run a Kaspersky online scan to disinfect the rest: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer)

Then paste the report (don't forget to delete what a-squared found first ;-)
nicotitan
 
I deleted everything that was in quarantine in a-squared, then ran several scans (system, My Computer and mail). The 2nd one was mega long, but it revealed yet more nasty critters. Yeah, my computer is a playground for viruses; I'm keeping a low profile and I want to continue the war against viruses ;-) Here are the reports:

KASPERSKY ON-LINE SCANNER REPORT
Monday, April 14, 2008 7:27:25 PM
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 14/04/2008
Enregistrements dans la base antivirus Kaspersky : 631430


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Zones critiques
C:\WINDOWS
C:\DOCUME~1\lulu\LOCALS~1\Temp\

Statistiques de l'analyse
Total d'objets analysés 13642
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:11:30

Nom de l'objet infecté Nom du virus Dernière action

Analyse terminée.


KASPERSKY ON-LINE SCANNER REPORT
Monday, April 14, 2008 7:52:16 PM
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 14/04/2008
Enregistrements dans la base antivirus Kaspersky : 631430


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\

Statistiques de l'analyse
Total d'objets analysés 2100
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:23:42

Nom de l'objet infecté Nom du virus Dernière action

Analyse interrompue par l'utilisateur !



KASPERSKY ON-LINE SCANNER REPORT
Tuesday, April 15, 2008 1:23:41 AM
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 14/04/2008
Enregistrements dans la base antivirus Kaspersky : 631430


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\

Statistiques de l'analyse
Total d'objets analysés 70779
Nombre de virus trouvés 8
Nombre d'objets infectés 104 / 0
Nombre d'objets suspects 5
Durée de l'analyse 05:09:10

Nom de l'objet infecté Nom du virus Dernière action

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 20 ... /[From "=?ISO-8859-1?B?R+lu6XJhdGl ... /[F ... /[ ... /[From "Sang Chavez" ][Date Sat, 17 Nov 2007 02:52:13 -0200]/text Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 20 ... /[From "=?ISO-8859-1?B?R+lu6XJhdGl ... /[F ... /[From " ... /[From "hill Esmaeily" ][Date 14 Nov 2007 08:44:54 -0500]/text Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 20 ... /[From "=?ISO-8859-1?B?R+lu6XJhdGl ... /[F ... /[From "kessa duveneck" ][Date Wed, 14 Nov 2007 10:14:36 +0100]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 20 ... /[From "=?ISO-8859-1?B?R+lu6XJhdGl ... /[From "Huntington escribano" ][Date Tue, 13 Nov 2007 21:17:47 +0200]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 20 ... /[From "=?ISO-8859-1?B?R+lu6XJhdGlvbiBTaG9wcGluZyB2aWEg ... /[From "Brook" ][Date Fri, 16 Nov 2007 03:32:33 -0500]/text Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 20 ... /[From "=?ISO-8859-1?B?R+lu6XJhdGlvbiBTaG9wcGluZyB2aWEgTWlzc2NhcmE=?= " ][Date 15 Nov 2007 08:37:23 -0000]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 2007 05:27:18 +0100]/UNNAMED/[From "Gayle Shields" ][Date Mon, 12 Nov 2007 08:08:09 +0500]/text Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 2007 05:27:18 +0100]/UNNAMED/[From "Gayle Shields" ][Date Mon, 12 Nov 2007 17:20:35 +0500]/text Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 2007 05:27:18 +0100]/UNNAMED/[From "Gayle Shields" ][Date Mon, 12 Nov 2007 16:59:47 +0700]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text/[From "Lyssa Pallas" ][Date Sun, 11 Nov 2007 05:27:18 +0100]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED/[From "Joye" ][Date Sat, 10 Nov 2007 14:28:18 -0300]/text Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED/[From "Jamal Murdock" ][Date Sat, 10 Nov 2007 12:39:34 +0300]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash/[From "Jaime Fname" ][Date Sat, 10 Nov 2007 01:35:02 -0200]/UNNAMED Infecté : Email-Worm.Win32.Warezov.um ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\Local Folders\Trash Mail Berkeley mbox: infecté - 26 ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-1.fr\Inbox Mail Berkeley mbox: infecté - 7, suspect - 5 ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-1.fr\Inbox.sbd\Amis.sbd\Fabien Viard Mail Berkeley mbox: infecté - 2 ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-1.fr\Trash Mail Berkeley mbox: infecté - 35 ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELIT ... /[From "LeComtois.com" ]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELIT ... /[From "LeComtois.com" ]/text Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELIT ... /[From "LeComtois.com" ]/text Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELIT ... /[From "LeComtois.com" ]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELIT ... /[From "LeComtois.com" ][Date Tue, 3 Jan 2006 21:00:52 +0100]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Adm ... /[From Delber ... /[From contact@bfcjob.com][Date Thu, 20 Oct 2005 17:48:59 +0200]/html Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Adm ... /[From Delbert Gilmore ]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Adm ... /[From Delbert Gilmore ][Date Sat, 01 Oct 2005 12:09:14 +0500]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin ]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin ]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin ]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Fre ... /[From PROGRAMMEDEFIDELITE Admin ][Date Tue, 16 Aug 2005 20:24:15 +0200 (CEST)]/html Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Sal ... /[From "michel ... /[From "LeComtois.com" ][Date Wed, 10 Aug 2005 14:07:07 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Sal ... /[From "michel Plantier" Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Sal ... /[From "michel Plantier" ][Date Fri, 8 Jul 2005 08:53:46 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Salter ][Date Wed, 6 Jul 2005 10:44:10 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Salter ][Date Tue, 28 Jun 2005 16:22:55 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Salter ][Date Mon, 27 Jun 2005 00:13:21 +0200 (CEST)]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Salter ][Date Fri, 24 Jun 2005 16:58:07 +0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Salter ][Date Sat, 21 May 2005 13:31:51 -0200]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED/[From Frederick Salter ][Date Fri, 20 May 2005 13:51:30 -0500]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED/[From Lyman Louis ][Date Fri, 20 May 2005 01:56:33 +0600]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED/[From Emmanuel Whitlock ][Date Thu, 19 May 2005 07:12:11 +0600]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text/[From Enrique Kim ][Date Tue, 17 May 2005 15:44:54 +0300]/UNNAMED Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox/[From "Nicolas Landoz" ][Date Fri, 30 Jan 2004 18:06:27 +0100]/text Infecté : Trojan-Downloader.Win32.Bagle.r ignoré

C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\Mail\pop.mail.yahoo-2.fr\Inbox Mail Berkeley mbox: infecté - 28 ignoré

C:\Documents and Settings\lulu\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\urlclassifier3.sqlite L'objet est verrouillé ignoré

C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\index.da
sniper94

Apart from the c:\windows\... entries and C:\DOCUME~1\lulu\LOCALS~1\Temp\WCESLog.log, delete everything else, because right now they are all ignored (you are the one who decides which action to take).
nicotitan

Yeah, but how? From where can I choose to delete them? Ignored by whom? What do you mean by "I'm the one who decides which action to take"? Could you be a bit more specific, thanks.
nicotitan

I did a cleanup with CCleaner, but when I try to delete them individually I get an error message: impossible to delete because it is in use by a program...

Here is the CCleaner cleanup report; otherwise I'm waiting for your advice on what to do next, because I don't see how to proceed. Maybe download a trial version of Kaspersky?

NETTOYAGE COMPLET - (3.619 secs)
------------------------------------------------------------------------------------------
160,5MB supprimés.
------------------------------------------------------------------------------------------

Détails des fichiers effacés
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 483) 130,3MB
C:\Documents and Settings\lulu\Cookies\lulu@notifier.antivir-pe[2].txt 366 bytes
C:\Documents and Settings\lulu\Cookies\lulu@yahoo[1].txt 82 bytes
C:\Documents and Settings\lulu\Cookies\lulu@ccleaner[1].txt 339 bytes
C:\Documents and Settings\lulu\Cookies\lulu@track.effiliation[1].txt 86 bytes
C:\Documents and Settings\lulu\Cookies\lulu@bitdefender[2].txt 133 bytes
C:\Documents and Settings\lulu\Cookies\lulu@www.kaspersky[1].txt 94 bytes
C:\Documents and Settings\lulu\Cookies\lulu@smartadserver[2].txt 375 bytes
C:\Documents and Settings\lulu\Cookies\lulu@sdv[2].txt 150 bytes
C:\Documents and Settings\lulu\Cookies\lulu@xiti[1].txt 101 bytes
C:\Documents and Settings\lulu\Cookies\lulu@netavenir[1].txt 106 bytes
C:\Documents and Settings\lulu\Cookies\lulu@google[1].txt 135 bytes
C:\Documents and Settings\lulu\Cookies\lulu@google[2].txt 134 bytes
C:\Documents and Settings\lulu\Cookies\lulu@scratch2cash[2].txt 354 bytes
C:\Documents and Settings\lulu\Cookies\lulu@www.fetezvotremaison.camif[1].txt 103 bytes
C:\Documents and Settings\lulu\Cookies\lulu@ssl-hints.netflame[2].txt 157 bytes
C:\Documents and Settings\lulu\Cookies\lulu@promobenef[2].txt 1 017 bytes
C:\Documents and Settings\lulu\Cookies\lulu@metaffiliation[1].txt 143 bytes
C:\Documents and Settings\lulu\Cookies\lulu@diffusion[2].txt 304 bytes
C:\Documents and Settings\lulu\Cookies\lulu@webscanner.kaspersky[1].txt 115 bytes
C:\Documents and Settings\lulu\Cookies\lulu@servlet[2].txt 602 bytes
C:\Documents and Settings\lulu\Cookies\lulu@www.scratch2cash[2].txt 262 bytes
C:\Documents and Settings\lulu\Cookies\lulu@reactivpub[1].txt 313 bytes
C:\Documents and Settings\lulu\Cookies\lulu@tribalfusion[2].txt 179 bytes
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Cookies\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\MSHist012008040220080403\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\MSHist012008040320080404\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\MSHist012008040420080405\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\MSHist012008040520080406\index.dat
Marqué pour l'effacement: C:\Documents and Settings\lulu\Local Settings\Historique\History.IE5\MSHist012008041520080416\index.dat
Poubelle vidée (3 fichiers) 369 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 63,88KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 400 bytes
C:\WINDOWS\system32\wbem\Logs\WinMgmt.log 1,00KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 9,85KB
C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64,03KB
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\setupact.log 0 bytes
C:\WINDOWS\setupapi.log 0,12MB
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\ntbtlog.txt 0,57MB
C:\WINDOWS\Debug\UserMode\userenv.log 22,43KB
Cache Internet de Firefox/Mozilla (264 fichiers) 29,0MB
Cookie supprimé: adsl.free.fr
Cookie supprimé: google.com
Cookie supprimé: google.fr
Cookie supprimé: gpspassion.com
Cookie supprimé: xiti.com
Cookie supprimé: www.gpspassion.com
Cookie supprimé: www.koreus.com
Cookie supprimé: www.meilleursites.com
Cookie supprimé: www.nvidia.fr
C:\Documents and Settings\lulu\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\history.dat 24,41KB
C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\history.dat 28,28KB
C:\Documents and Settings\lulu\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\downloads.rdf 206 bytes
C:\Documents and Settings\lulu\Application Data\Mozilla\Profiles\default\jeygt293.slt\downloads.rdf 2,83KB
C:\Documents and Settings\lulu\Application Data\Google\Local Search History\google%2Eweb.w 32 bytes
C:\Documents and Settings\lulu\Application Data\Mozilla\Firefox\Profiles\sqpjx1ar.default\GoogleToolbarData\searchhistory.xml 5,54KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\24\714bdb98-581e8af5 0,17MB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\24\714bdb98-581e8af5.idx 6,39KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\30\3a1b6f9e-19ac3e3d 1,53KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\30\3a1b6f9e-19ac3e3d.idx 515 bytes
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\40\fe0f4a8-2ad82225 1,59KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\40\fe0f4a8-2ad82225.idx 330 bytes
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\48\b68d2b0-69a93db4 1,02KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\48\b68d2b0-69a93db4.idx 281 bytes
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\host\12006d6d-4dc1b83a.hst 11 bytes
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed 1 bytes
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jversion.jar-1fcbfefe-240ff93f.idx 153 bytes
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jversion.jar-1fcbfefe-240ff93f.zip 1,02KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\SoftwareInspector.jar-7bc98a84-585ee840.idx 5,93KB
C:\Documents and Settings\lulu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\SoftwareInspector.jar-7bc98a84-585ee840.zip 0,17MB
C:\Program Files\eMule\config\AC_SearchStrings.dat 22 bytes
C:\Documents and Settings\lulu\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 bytes
C:\Documents and Settings\lulu\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 428 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 692 bytes
------------------------------------------------------------------------------------------
nicotitan

Hello Sniper,
Could you give me some information so I can continue the disinfection?
Thanking you in advance!