,Voici mon problème, j'utilise AntiVir PersonalEdition Classic et il me trouve des virus dans mon courrier electronique "Mozilla Thunderbird"
Des fichiers apparament utile comme "C:\Documents and Settings\Albert\Application Data\Thunderbird\Profiles\unn7klxy.default\Mail\Local Folders\Inbox" ou
"C:\Documents and Settings\Albert\Application Data\Thunderbird\Profiles\unn7klxy.default\Mail\Local Folders\Junk" etc..
AntiVir PersonalEdition Classic
Report file date: vendredi 21 mars 2008 10:25
Scanning for 1159754 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Albert
Computer name: SR
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 08/09/2007 06:53:26
AVSCAN.DLL : 7.0.6.0 49192 Bytes 08/09/2007 06:53:26
LUKE.DLL : 7.0.5.3 147496 Bytes 08/09/2007 06:53:27
LUKERES.DLL : 7.0.6.1 10280 Bytes 08/09/2007 06:53:27
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:05:38
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 08:51:37
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 08:51:37
ANTIVIR3.VDF : 7.0.3.58 323072 Bytes 20/03/2008 09:37:07
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 08:49:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 08/09/2007 06:53:26
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 10:39:34
AVREG.DLL : 7.0.1.6 30760 Bytes 08/09/2007 06:53:26
AVARKT.DLL : 1.0.0.20 278568 Bytes 08/09/2007 06:53:24
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 08/09/2007 06:53:24
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 08/09/2007 06:53:19
RCTEXT.DLL : 7.0.62.0 86056 Bytes 08/09/2007 06:53:19
SQLITE3.DLL : 3.3.17.1 339968 Bytes 08/09/2007 06:53:27
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: vendredi 21 mars 2008 10:25
Starting search for hidden objects.
'28898' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0083
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD_C>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Albert\Application Data\Thunderbird\Profiles\unn7klxy.default\Mail\Local Folders\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "Quinton Holt" <frauke.danby@voller.dk>][Subject: Here is it][Message-ID: <01c801a4$909d9590$0a0e1255@frauke.danby>]144.mim
[1] Archive type: MIME
--> she.zip
[2] Archive type: ZIP
--> she.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.L
[WARNING] The file was ignored!
C:\Documents and Settings\Albert\Application Data\Thunderbird\Profiles\unn7klxy.default\Mail\Local Folders\Junk
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[From: "Ericka Ashby" <tordis.dalzell@vaerloesefolkemu][Subject: Something hot][Message-ID: <01c7e62c$1f5e4610
$b6dbd359@tordis.dalzell>]160.mim
[1] Archive type: MIME
--> card.zip
[2] Archive type: ZIP
--> card.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.I
--> Mailbox_[From: "Quinton Holt" <frauke.danby@voller.dk>][Subject: Here is it][Message-ID: <01c801a4$909d9590$0a0e1255@frauke.danby>]182.mim
[1] Archive type: MIME
--> she.zip
[2] Archive type: ZIP
--> she.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.L
[WARNING] The file was ignored!
C:\Documents and Settings\Albert\Application Data\Thunderbird\Profiles\unn7klxy.default\Mail\Local Folders\Sent
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[Message-ID: <4720B23B.3040500@free.fr>][From: SAM Rabah <samrabah@free.fr>][Subject: ok]474.mim
[1] Archive type: MIME
--> keyfinder.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.4 program
[2] Archive type: RAR SFX (self extracting)
--> xpkey.exe
[DETECTION] Contains detection pattern of the SPR/Tool.XPKey program
--> officekey.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.3 program
--> Mailbox_[Message-ID: <4720B2D9.8020408@free.fr>][From: SAM Rabah <samrabah@free.fr>][Subject: ok]476.mim
[1] Archive type: MIME
--> kf151.zip
[2] Archive type: ZIP
--> keyfinder.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.4 program
[3] Archive type: RAR SFX (self extracting)
--> xpkey.exe
[DETECTION] Contains detection pattern of the SPR/Tool.XPKey program
--> officekey.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.3 program
--> Mailbox_[Message-ID: <4720B69B.4030101@free.fr>][From: SAM Rabah <samrabah@free.fr>][Subject: ok]480.mim
[1] Archive type: MIME
--> keyfinder.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.4 program
[2] Archive type: RAR SFX (self extracting)
--> xpkey.exe
[DETECTION] Contains detection pattern of the SPR/Tool.XPKey program
--> officekey.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.3 program
--> Mailbox_[Message-ID: <4720B878.8060203@free.fr>][From: SAM Rabah <samrabah@free.fr>][Subject: ok]484.mim
[1] Archive type: MIME
--> kf151.zip
[2] Archive type: ZIP
--> keyfinder.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.4 program
[3] Archive type: RAR SFX (self extracting)
--> xpkey.exe
[DETECTION] Contains detection pattern of the SPR/Tool.XPKey program
--> officekey.exe
[DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.3 program
[WARNING] The file was ignored!
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\pemq34ee.default\Cache\C2152591d01
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[INFO] The file was moved to '4814895e.qua'!
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\pemq34ee.default\Cache\CBCE481Ad01
[0] Archive type: ZIP SFX (self extracting)
--> ic3D3.cab
[1] Archive type: CAB (Microsoft)
--> ck.exe
[DETECTION] Contains detection pattern of the SPR/Tool.ProcKill.1 program
[INFO] The file was moved to '48268978.qua'!
Begin scan in 'F:\' <2_C>
F:\Jeux a sauvegarder\Jeux_Avoir\###More than 120 games cracked\Kyodai Mahjongg\keygen.exe "J'ai supprimer"
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was deleted!
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: vendredi 21 mars 2008 11:43
Used time: 1:18:14 min
The scan has been done completely.
6342 Scanning directories
357371 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
357352 Files not concerned
14195 Archives were scanned
4 Warnings
0 Notes
28898 Objects were scanned with rootkit scan
0 Hidden objects were found
Pourriez-vous m'aider.
Merci
SAM_R