Infecté Trojan.Phis + Generic.Peed.Em + JS.Fe

bboule22 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Merci de votre aide. de nombreux fichiers sont infectés (rapport de bitdefender on line). L'infection semble s'étendre (il y a quelques jours, le même scan avec bitdefender on line ne révélait que 3 infections

J'avais avast, mais je viens de passer à antivir. Ils ne détectent rien.
J'ai lancé spybot, avg anti spyware, ad square, ad ware, sophos : rien à signaler.
Je nettoie régulièrement avec ccleaner.

Mes symptômes : depuis une infection par cheval de troie repéré et détruit par avast, mon micro a eu des lenteurs inhabituelles. Certains programment ne fonctionnent plus correctement. Ex : thunderbird (blocages lors de l'utilisation de filtres, lenteurs énormes et blocage lorsque j'ai voulu changer le paramétrage des comptes utilisateurs) ou encore ez macro que j'ai besoin d'utiliser pour des enregistrements de séquences de touches et de souris (lorsque je lance les macros elles ne s'éxécutent pas correctement : elles bloquent à certains moments, les rendant inutilisables). Aujourd"hui, je ne vois plus "mes documents" dans le poste de travail....

J'ai suivi votre méthode préliminaire. Je ne poste pas le scan d'avg (car il n'a rien trouvé).

Vous trouverez le rapport de bitdefener, puis celui d'hitjacthis :


- le rapport de bitdefender:


BitDefender Online Scanner

Scan report generated at: Mon, Mar 24, 2008 - 04:04:56

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time

02:37:53

Files

1209617

Folders

9690

Boot Sectors

0

Archives

425363

Packed Files

29234

Results

Identified Viruses

53

Infected Files

55

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

55

Engines Info

Virus Definitions

1021906

Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins

16

Archive plugins

41

Unpack plugins

7

E-mail plugins

6

System plugins

5

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

Scanned File

Status

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta

Infected with: JS.Feebs.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)

Infected with: Generic.Trojan.Phish.C316548C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)

Infected with: Generic.Trojan.Phish.31926682

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)

Infected with: Generic.Trojan.Phish.2556E52A

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)

Infected with: Generic.Trojan.Phish.517F47A3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)

Infected with: Generic.Trojan.Phish.8471D0C3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)

Infected with: Generic.Trojan.Phish.F4426419

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)

Infected with: Generic.Trojan.Phish.37BE24AF

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)

Infected with: Generic.Trojan.Phish.591A4999

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)

Infected with: Generic.Trojan.Phish.87BAC95C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)

Infected with: Generic.Trojan.Phish.8128FD57

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)

Infected with: Generic.Trojan.Phish.0C8DCC41

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)

Infected with: Generic.Trojan.Phish.A9EA141C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)

Infected with: Generic.Trojan.Phish.AE2E1E68

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)

Infected with: Generic.Trojan.Phish.0378CEC0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)

Infected with: Generic.Peed.Eml.F2A622C5

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)

Infected with: Generic.Peed.Eml.AB14D021

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)

Infected with: Generic.Peed.Eml.AF385539

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)

Infected with: Generic.Peed.Eml.B8D10211

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)

Infected with: Generic.Peed.Eml.89CE16D0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)

Infected with: Generic.Peed.Eml.CE2BACC6

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)

Infected with: Generic.Peed.Eml.23861448

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)

Infected with: Generic.Peed.Eml.6CA65881

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)

Infected with: Generic.Peed.Eml.B39036DB

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)

Infected with: Generic.Peed.Eml.F67C2584

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)

Infected with: Generic.Peed.Eml.F269C4D4

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)

Infected with: Generic.Peed.Eml.F4EF7ACC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)

Infected with: Generic.Peed.Eml.7CC973B9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)

Infected with: Generic.Peed.Eml.BB34CDC2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)

Infected with: Generic.Peed.Eml.C12ECC42

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)

Infected with: Generic.Peed.Eml.560F0A0C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)

Infected with: Generic.Peed.Eml.80F4FA95

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)

Infected with: Generic.Peed.Eml.FB203BF2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)

Infected with: Generic.Peed.Eml.1FEC2028

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)

Infected with: Generic.Peed.Eml.B7F0CD66

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)

Infected with: Generic.Peed.Eml.253E3303

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)

Infected with: Generic.Peed.Eml.3FE02C4C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)

Infected with: Generic.Peed.Eml.05DB912C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)

Infected with: Generic.Peed.Eml.1F749599

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)

Infected with: Generic.Peed.Eml.2861DFB9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)

Infected with: Generic.Peed.Eml.A664632C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)

Infected with: Generic.Peed.Eml.40AD57CC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)

Infected with: Generic.Peed.Eml.D96FB8ED

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)

Infected with: Generic.Peed.Eml.4AF23649

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf

Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf

Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf

Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf

Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf

Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)

Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)

Detected with: Application.VTesttool.A

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)

Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)

Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)

Detected with: Application.VTesttool.B

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)

Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)

Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)

Detected with: Application.VTesttool.C

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)

Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)

Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)

Infected with: Generic.Peed.Eml.F12161EF

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)

Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)

Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)

Infected with: Generic.Peed.Eml.F9DDC72C

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)

Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)

Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)

Infected with: Generic.Peed.Eml.3E1CBA4A

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)

Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)

Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)

Infected with: Generic.Peed.Eml.02B200C1

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)

Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)

Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox

Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)

Infected with: Generic.Peed.Eml.99D861C7

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)

Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)

Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox

Update failed

- le rapport hitjacthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:43, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Basta Computing\Buzof\Buzof.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\American Systems\EZ Macros\EZMacros.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 10406 bytes

Merci encore par avance.
Cordialement.
Configuration: Windows XP
Firefox 2.0.0.12

28 réponses

  • 1
  • 2
Résumé de la discussion

Problème central : un poste est fortement infecté par une série de malwares détectés par BitDefender Online Scanner, l’infection semblant s’étendre et provoquer des lenteurs et des blocages système.
Plusieurs antivirus et outils de nettoyage ont été testés (Avast, AVG Anti-Spyware, Spybot, Ad-Aware, Sophos) sans désinfection unanime, certaines menaces restant détectables ou récalcitrantes.
Le rapport BitDefender signale 53 virus identifiés et 55 fichiers infectés, avec des tentatives de désinfection échouées et des infections dans Thunderbird Local Folders associées à des pièces jointes HTML et à des échantillons comme JS.Feebs.Gen et Trojan.Phish.
D'autres symptômes évoquent des ralentissements du micro et des blocages dans Thunderbird et EzMacro, et la disparition des documents dans le poste de travail apporte une dimension critique au diagnostic.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt, la majorité des infections sont dans ta messagrerie thundirbird, vire les message de thundirbird douteux voir tout...

    _________

    AVG antispyware
    https://www.01net.com/telecharger/
    http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    ____________

    Fais un clic droit sur ce lien : (IL-MAFIOSO)
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    0
    1. bboule22
       
      Re,

      Voilà, j'ai viré un maximum de messages dans thunderbird (nb : certains dossiers ne veulent pas être supprimés).

      J'ai lancé AVG, il n'a rien trouvé d'autre qu'un cookie, et n'a pas génénré de rapport.

      J'ai installé navilog et ai suivi la procédure. Voici le rapport :

      Search Navipromo version 3.5.1 commencé le 24/03/2008 à 16:04:53.39

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "elsa"

      Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : FAT32

      Executé en mode normal

      *** Recherche Programmes installés ***




      *** Recherche dossiers dans C:\WINDOWS ***



      *** Recherche dossiers dans C:\Program Files ***



      *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




      *** Recherche dossiers dans "C:\Documents and Settings\elsa\applic~1" ***



      *** Recherche dossiers dans "C:\Documents and Settings\elsa\locals~1\applic~1" ***



      *** Recherche dossiers dans "C:\Documents and Settings\elsa\menud+~1\progra~1" ***


      *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun Fichier trouvé



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans C:\WINDOWS\system32 *

      * Recherche dans "C:\Documents and Settings\elsa\locals~1\applic~1" *

      * Recherche dans "C:\docume~1\axel\locals~1\applic~1" *

      * Recherche dans "C:\docume~1\bertrand\locals~1\applic~1" *

      * Recherche dans "C:\docume~1\roxanne\locals~1\applic~1" *

      * Recherche dans "C:\docume~1\xp\locals~1\applic~1" *

      * Recherche dans "C:\docume~1\livebox\locals~1\applic~1" *



      *** Recherche fichiers ***




      *** Recherche clés spécifiques dans le Registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans C:\WINDOWS\system32 :


      * Dans "C:\Documents and Settings\elsa\locals~1\applic~1" :


      * Dans "C:\docume~1\axel\locals~1\applic~1" :


      * Dans "C:\docume~1\bertrand\locals~1\applic~1" :


      * Dans "C:\docume~1\roxanne\locals~1\applic~1" :


      * Dans "C:\docume~1\xp\locals~1\applic~1" :


      * Dans "C:\docume~1\livebox\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche fichiers connus :



      *** Analyse terminée le 24/03/2008 à 16:06:56.39 ***


      Merci. Dans l'attente de votre réponse.

      Cordialement.
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com

    ________
    recolle un rapport bitdefender
    0
  3. bboule22
     
    Bonsoir,

    Voilà j'ai bien désactivé la restauration systeme, puis je l'ai réactivée (avec un nouveau point de restauration).

    Puis j'ai relancé un scan on line avec bitdefender. Voilà le rapport :

    BitDefender Online Scanner

    Scan report generated at: Mon, Mar 24, 2008 - 19:42:12

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

    Statistics

    Time
    02:38:17

    Files
    1219716

    Folders
    9409

    Boot Sectors
    4

    Archives
    435450

    Packed Files
    28640

    Results

    Identified Viruses
    51

    Infected Files
    51

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    51

    Engines Info

    Virus Definitions
    1022055

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    16

    Archive plugins
    41

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    5

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
    Infected with: Generic.Trojan.Phish.C316548C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
    Infected with: Generic.Trojan.Phish.31926682

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
    Infected with: Generic.Trojan.Phish.2556E52A

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
    Infected with: Generic.Trojan.Phish.517F47A3

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
    Infected with: Generic.Trojan.Phish.8471D0C3

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
    Infected with: Generic.Trojan.Phish.F4426419

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
    Infected with: Generic.Trojan.Phish.37BE24AF

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
    Infected with: Generic.Trojan.Phish.591A4999

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
    Infected with: Generic.Trojan.Phish.87BAC95C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
    Infected with: Generic.Trojan.Phish.8128FD57

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
    Infected with: Generic.Trojan.Phish.0C8DCC41

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
    Infected with: Generic.Trojan.Phish.A9EA141C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
    Infected with: Generic.Trojan.Phish.AE2E1E68

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
    Infected with: Generic.Trojan.Phish.0378CEC0

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
    Infected with: Generic.Peed.Eml.F2A622C5

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
    Infected with: Generic.Peed.Eml.AB14D021

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
    Infected with: Generic.Peed.Eml.AF385539

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
    Infected with: Generic.Peed.Eml.B8D10211

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
    Infected with: Generic.Peed.Eml.89CE16D0

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
    Infected with: Generic.Peed.Eml.CE2BACC6

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
    Infected with: Generic.Peed.Eml.23861448

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
    Infected with: Generic.Peed.Eml.6CA65881

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
    Infected with: Generic.Peed.Eml.B39036DB

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
    Infected with: Generic.Peed.Eml.F67C2584

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
    Infected with: Generic.Peed.Eml.F269C4D4

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
    Infected with: Generic.Peed.Eml.F4EF7ACC

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
    Infected with: Generic.Peed.Eml.7CC973B9

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
    Infected with: Generic.Peed.Eml.BB34CDC2

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
    Infected with: Generic.Peed.Eml.C12ECC42

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
    Infected with: Generic.Peed.Eml.560F0A0C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
    Infected with: Generic.Peed.Eml.80F4FA95

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
    Infected with: Generic.Peed.Eml.FB203BF2

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
    Infected with: Generic.Peed.Eml.1FEC2028

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
    Infected with: Generic.Peed.Eml.B7F0CD66

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
    Infected with: Generic.Peed.Eml.253E3303

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
    Infected with: Generic.Peed.Eml.3FE02C4C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
    Infected with: Generic.Peed.Eml.05DB912C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
    Infected with: Generic.Peed.Eml.1F749599

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
    Infected with: Generic.Peed.Eml.2861DFB9

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
    Infected with: Generic.Peed.Eml.A664632C

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
    Infected with: Generic.Peed.Eml.40AD57CC

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
    Infected with: Generic.Peed.Eml.D96FB8ED

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
    Infected with: Generic.Peed.Eml.4AF23649

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
    Disinfection failed

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
    Deleted

    C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)
    Detected with: Application.VTesttool.A

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)
    Deleted

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)
    Update failed

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)
    Detected with: Application.VTesttool.B

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)
    Deleted

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)
    Update failed

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)
    Detected with: Application.VTesttool.C

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)
    Deleted

    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)
    Update failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
    Infected with: Generic.Peed.Eml.F12161EF

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
    Disinfection failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
    Deleted

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
    Infected with: Generic.Peed.Eml.F9DDC72C

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
    Disinfection failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
    Deleted

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
    Infected with: Generic.Peed.Eml.3E1CBA4A

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
    Disinfection failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
    Deleted

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
    Infected with: Generic.Peed.Eml.02B200C1

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
    Disinfection failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
    Deleted

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
    Update failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
    Infected with: Generic.Peed.Eml.99D861C7

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
    Disinfection failed

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
    Deleted

    C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
    Update failed

    J'ai l'impression que c'est de pire en pire ... J'avais pourtant supprimé beaucoup de messages (ex : dans l'utilisateur "bertrand", j'ai quasiment tout supprimé). Faut-il tout supprimer ?

    Merci. Dans l'attente de votre réponse.

    Cordialement.
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire le dossier setup manuellement en alant dans poste de travail puis
    C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe

    ensuite tous les autres sont dans ta messagerie thundirbird!
    0
    1. bboule22
       
      Bonsoir,

      J'ai bien viré le fichier setup.exe.
      Et dans Thundirbird. J'ai fait le grand ménage. Ne subsiste que les messages que je dois garder.

      Que dois-je faire maintenant ?

      Merci beaucoup.

      Cordialement.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  7. bboule22
     
    Re,

    Voilà, j'ai installé à nouveau hijackthis, après l'avoir renommé, dans le répertoire que tu m'as conseillé de créer. Voilà le rapport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:26:44, on 24/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Basta Computing\Buzof\Buzof.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\American Systems\EZ Macros\EZMacros.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'bertrand')
    O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1007\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe" (User 'bertrand')
    O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1007\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'bertrand')
    O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'xp')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
    O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  8. bboule22
     
    Bonjour jlpjlp,

    J'espère que vous allez bien aujourd'hui.

    Je ne sais pas si vous avez vu ma réponse en date d'hier soir avec le rapport d'hijackthis.
    Mais peut être que vous n'avez pas eu le temps.

    Merci encore par avance et dans l'attente de votre réponse.

    Cordialement.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    tu as beaucoups de barre dans internet fais le menage et garde en pas plus de 3:

    netXfer
    Windows Live Sign-in Helper
    Google Toolbar Helper
    Copernic
    &Yahoo! Toolbar
    RoboForm
    ...........
    _______________________

    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
    O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
    O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

    __________

    boonty est aussi source de pub si tu ne l'utilise pas vire le

    _____________

    sinon rien de special ton infection est dans tes message de thundirbird il faut faire le menage...

    peut etre essaye de regler antivir pour qu'il scanne ta messagerie

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis
    clique sur general puis email et configure la protection de ta messageri
    0
    1. bboule22
       
      Re,

      Merci pour ta réponse.

      1- Dans antivir, j'ai suivi tes instructions, mais il n'y a pas de paramétrage pour le scan des messages. Juste une indication pour le serveur smtp pour faire un test d'envoi....

      2- Boonty, je ne sais pas ce que c'est. Un programme ? je ne vois rien dans la liste des programmes qui corresponde à cela. Sinon, comment l'enlever ?

      3- Les barres dans internet que tu évoques sont dans IE, que je n'utilise quasiment plus jamais... D'accord avec toi, la plupart des barres ne me servent à rien. Mais par contre, comment les désintaller ?

      4 - Enfin, et surtout, comme je te le disais, j'ai fais le grand ménage dans les messages. Chez "Bertrand" il n'y a plus rien et pourtant bitdefender indiquait toujours des fichiers infectés (tu trouves ça normal ?). Chez "Elsa" j'ai supprimé tout ce qui pouvait l'être. le reste je dois conserver ; je n'ai pas refait de scan depuis, je vais en faire un et je te tiens au courant.

      A noter, lors du dernier scan avec bitdefender, j'ai eu un message d'erreur indiquant qu'il ne pouvait mettre à jour la base de donnée virale..... j'ai lancé le scan quand même.


      Merci encore.

      Dans l'attente de ta réponse.

      @+
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour virer les barres dans internet tu vas dans ton panneau de configuration puis AJOUT/SUPPRESSION de PROGRAMMe et tu vire les barres non utilisées

    ______________

    pour virer boonty: ( permet de faire des jeux sur internet mais associé a des sponsors...)

    « Démarrer » > « Executer » > taper cmd > valide par ok

    dans la fenetre noire tape ceci en respectant bien les espaces et guillemets

    sc stop "Boonty Games" ==> [Enter]
    sc config "Boonty Games" start= disabled ==> [Enter]
    sc delete "Boonty Games" ==> [Enter]

    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\boontyGames
    C:\Program Files\boonty

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

    post le rapport de ot_move it ainsi qu´un nouveau hijack this

    ___________________

    pour bitdefender , refais en un et colle le rapport
    0
    1. bboule22
       
      Re,


      Merci pour ta réponse.

      Pour boonty, je m'en occupe un peu plus tard.

      Voici le nouveau rapport de bitdefender, toujours les mêmes infections alors que j'ai viré quasiment tous les messages et qu'il ne reste plus que ceux que je dois conserver. Il y un truc qui cloche. De plus, j'ai encore eu le meme message d'erreur au lancement du scan (échec pour la mise à jour de la base virale).


      BitDefender Online Scanner



      Scan report generated at: Tue, Mar 25, 2008 - 17:30:26





      Scan path: C:\Documents and Settings\elsa;C:\Documents and Settings\bertrand;







      Statistics

      Time
      02:01:50

      Files
      944781

      Folders
      3279

      Boot Sectors
      4

      Archives
      439683

      Packed Files
      15173




      Results

      Identified Viruses
      48

      Infected Files
      48

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      48




      Engines Info

      Virus Definitions
      1022992

      Engine build
      AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

      Scan plugins
      16

      Archive plugins
      41

      Unpack plugins
      7

      E-mail plugins
      6

      System plugins
      5




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
      Infected with: Generic.Trojan.Phish.C316548C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
      Infected with: Generic.Trojan.Phish.31926682

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
      Infected with: Generic.Trojan.Phish.2556E52A

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
      Infected with: Generic.Trojan.Phish.517F47A3

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
      Infected with: Generic.Trojan.Phish.8471D0C3

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
      Infected with: Generic.Trojan.Phish.F4426419

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
      Infected with: Generic.Trojan.Phish.37BE24AF

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
      Infected with: Generic.Trojan.Phish.591A4999

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
      Infected with: Generic.Trojan.Phish.87BAC95C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
      Infected with: Generic.Trojan.Phish.8128FD57

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
      Infected with: Generic.Trojan.Phish.0C8DCC41

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
      Infected with: Generic.Trojan.Phish.A9EA141C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
      Infected with: Generic.Trojan.Phish.AE2E1E68

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
      Infected with: Generic.Trojan.Phish.0378CEC0

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
      Infected with: Generic.Peed.Eml.F2A622C5

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
      Infected with: Generic.Peed.Eml.AB14D021

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
      Infected with: Generic.Peed.Eml.AF385539

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
      Infected with: Generic.Peed.Eml.B8D10211

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
      Infected with: Generic.Peed.Eml.89CE16D0

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
      Infected with: Generic.Peed.Eml.CE2BACC6

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
      Infected with: Generic.Peed.Eml.23861448

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
      Infected with: Generic.Peed.Eml.6CA65881

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
      Infected with: Generic.Peed.Eml.B39036DB

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
      Infected with: Generic.Peed.Eml.F67C2584

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
      Infected with: Generic.Peed.Eml.F269C4D4

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
      Infected with: Generic.Peed.Eml.F4EF7ACC

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
      Infected with: Generic.Peed.Eml.7CC973B9

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
      Infected with: Generic.Peed.Eml.BB34CDC2

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
      Infected with: Generic.Peed.Eml.C12ECC42

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
      Infected with: Generic.Peed.Eml.560F0A0C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
      Infected with: Generic.Peed.Eml.80F4FA95

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
      Infected with: Generic.Peed.Eml.FB203BF2

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
      Infected with: Generic.Peed.Eml.1FEC2028

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
      Infected with: Generic.Peed.Eml.B7F0CD66

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
      Infected with: Generic.Peed.Eml.253E3303

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
      Infected with: Generic.Peed.Eml.3FE02C4C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
      Infected with: Generic.Peed.Eml.05DB912C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
      Infected with: Generic.Peed.Eml.1F749599

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
      Infected with: Generic.Peed.Eml.2861DFB9

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
      Infected with: Generic.Peed.Eml.A664632C

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
      Infected with: Generic.Peed.Eml.40AD57CC

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
      Infected with: Generic.Peed.Eml.D96FB8ED

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
      Infected with: Generic.Peed.Eml.4AF23649

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
      Disinfection failed

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
      Deleted

      C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
      Infected with: Generic.Peed.Eml.F12161EF

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
      Disinfection failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
      Deleted

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
      Infected with: Generic.Peed.Eml.F9DDC72C

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
      Disinfection failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
      Deleted

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
      Infected with: Generic.Peed.Eml.3E1CBA4A

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
      Disinfection failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
      Deleted

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
      Infected with: Generic.Peed.Eml.02B200C1

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
      Disinfection failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
      Deleted

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
      Update failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
      Infected with: Generic.Peed.Eml.99D861C7

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
      Disinfection failed

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
      Deleted

      C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
      Update failed




      De plus j'ai toujours les mêmes symptomes qu'au début.

      Nb : je ne sais si ça peut t'aider, mais j'ai souvent des message sans objet, sans émetteur ni destinataire et dont la date est du 1/01/1970.


      Merci encore. dans l'attente de ta réponse.
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tout est dans ta messagerie il faudrait virer tous les message... sauf ceux auxquels tu tiens vraiment et on verra
    0
  12. bboule22
     
    Bonjour jlpjlp,

    J'espère que tu vas bien.

    Bon, j'ai supprimé tous les messages sauf ceux auxquels je tiens vraiment (ceux qui restent concernent l'utilisateur "elsa").

    Pour l'utilisateur bertrand, il n'y a plus aucun message dans thunderbird.
    Certains dossiers ne voulaient pas être supprimés (ce qui n'est pas normal). Je suis allée voir dans le répertoire sensé héberger les messages infectés (C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\).
    Il y a un dossier intitulé inbox.sbd dans lequel j'ai tout viré (il y avait des noms de dossiers et de fichiers que j'avais pourtant viré de la messagerie il y a un moment ; Après ça dans la messagerie les dossiers qui ne voulaient pas disparaitre n'étaient plus là). Je trouve ça étrange.
    Mais surtout, le fichier inbox, celui qui contient les messages infectés était de 1 143 949 ko (et ce matin de 1 144 740 ko alors que je ne l'ai pas ouverte depuis)! Je ne comprends pas, puisque la boite de bertrand est entièrement vide !

    J'ai relancé un scan avec bitdefender en ne demandant que l'analyse de C:\Documents and Settings\bertrand\ et il a toujours détecté les mêmes problèmes (les 4 mêmes messages infectés) ;je ne recolle pas le rapport, cela me semble identique. Et toujours un échec pour mettre à jour la base de donnée virale au lancement du scan.

    Enfin, au lancement de la session de bertrand, j'ai eu un message d'erreur du type "MMAgent.exe" ne peut s'executer" et à la fermeture un autre du genre "Kpk4gui.exe; l'initialisation de la dll a échoué."

    Windows me propose en cas d'arrêt du micro d'installer des mises à jour. Je fais ou pas ?

    Que penses-tu de tout ça ?

    Merci par avance de ta réponse.
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    essaye d'analyser le fichier en question avec antivir (clique avec le bouton droit sur le dossier)

    _________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/

    ___________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ___________

    mets a jour windows

    __________
    verifie avec bitdefender si encore des infections (si c'est le cas supprime les fichiers en question avec
    eraser
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/6615.html
    0
    1. bboule22
       
      Re,

      pour combofix, il avait déjà été installé sur mon micro en mai 2007. Dans le dossier conbofix, il y a plein de fichiers. Est-ce que je dois tout supprimer, et réintaller une version à jour ?
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui vire tout et reinstalle la derniere version
    0
  15. bboule22
     
    Re,

    J'ai trouvé ! Il fallait tout simplement effectuer un compactage sous thunderbird. Tant qu'il n'est pas effectué, le fichier inbox continue de garder les messages effacés.
    J'ai donc compacté sous les deux utilisateurs, les fichiers inbox ont été "vidés" et bitdefender ne trouve plus rien.

    Voilà quand même le rapport de combofix que tu m'avais demandé :

    ComboFix 08-03-25.4 - elsa 2008-03-26 12:38:24.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.167 [GMT 1:00]

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-26 12:08 . 2008-03-26 12:08 <REP> d-------- C:\Program Files\CCleaner
    2008-03-24 21:21 . 2008-03-24 21:21 <REP> d-------- C:\Hijackthis
    2008-03-24 16:02 . 2008-03-24 16:02 <REP> d-------- C:\Program Files\Navilog1
    2008-03-24 13:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-03-24 13:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-03-24 00:44 . 2008-03-24 00:44 <REP> d--hs---- C:\FOUND.012
    2008-03-23 22:26 . 2008-03-23 22:26 <REP> d-------- C:\Program Files\Lavasoft
    2008-03-23 22:26 . 2008-03-23 22:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-23 22:25 . 2008-03-23 22:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-23 20:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-23 17:44 . 2008-03-23 17:44 <REP> d-------- C:\Program Files\Avira
    2008-03-23 17:44 . 2008-03-23 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-23 16:58 . 2008-03-23 16:58 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-12 21:03 . 2008-03-12 21:03 <REP> d--hs---- C:\FOUND.011

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 15:09 1,454 ----a-w C:\Program Files\PRN112.TXT
    2008-03-21 15:07 105 ----a-w C:\Program Files\modprof.ini
    2008-02-14 14:42 26,775 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-02-09 14:56 739,240 ----a-w C:\Program Files\vnc-4_1_2-x86_win32.exe
    2008-01-31 05:45 --------- d-----w C:\Program Files\a-squared Free
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-12-24 17:56 6,583,976 ----a-w C:\Program Files\Opera_9.25_International_Setup.exe
    2007-12-02 14:23 49 ----a-w C:\Program Files\LAUREATS CAMPUS PROF.url
    2007-12-02 14:23 105,438 ----a-w C:\Program Files\uninst.exe
    2007-11-10 18:49 827,377 ----a-w C:\Program Files\hideippla.exe
    2007-10-31 15:47 2,796,584 ----a-w C:\Program Files\AiRoboForm.exe
    2006-12-20 12:27 7,799,000 ----a-w C:\Program Files\kerio-personal-firewall_kerio_personal_firewall_4.3.268_francais_11071.exe
    2006-09-01 14:14 966,656 ----a-w C:\Program Files\ldirect.exe
    2006-08-23 08:55 877,367 ----a-w C:\Program Files\MODPROF.EXE
    2005-10-28 13:05 1,763,840 ----a-w C:\Program Files\CLIENT.exe
    2005-08-18 12:52 387,631 ----a-w C:\Program Files\impexp.exe
    2004-11-11 07:31 119,808 ----a-w C:\Program Files\UnzDll.dll
    2004-11-11 07:04 137,728 ----a-w C:\Program Files\ZipDll.dll
    2004-09-17 12:59 11,647 ----a-w C:\Program Files\LisezMoi.txt
    2004-07-07 08:57 1,143,808 ----a-w C:\Program Files\XPRINTER.EXE
    2003-08-29 09:49 323,887 ----a-w C:\Program Files\majbasep.exe
    2003-08-20 07:34 832,512 ----a-w C:\Program Files\mailprof.exe
    2003-03-27 12:49 2,275 ----a-w C:\Program Files\suppprof.htm
    2003-01-15 09:05 129 ----a-w C:\Program Files\mailprof.ini
    2002-02-26 14:37 17,078 ----a-w C:\Program Files\f8.xmp
    2001-07-17 14:42 29,118 ----a-w C:\Program Files\f4.xmp
    2001-07-13 09:49 4,070 ----a-w C:\Program Files\f5.xmp
    2001-05-04 11:29 8,118 ----a-w C:\Program Files\f6.xmp
    2001-05-03 16:53 32,118 ----a-w C:\Program Files\f7.xmp
    2001-03-29 16:22 205,366 ----a-w C:\Program Files\f2.xmp
    2000-11-20 00:01 61,440 ----a-w C:\Program Files\Cookies Manager.exe
    2000-11-20 00:01 316 ----a-w C:\Program Files\file_id.diz
    1997-07-01 01:50 248,000 ----a-w C:\Program Files\DATEDLL.DLL
    1995-11-13 03:00 766 ----a-w C:\Program Files\MODPROF.ICO
    1994-09-15 23:00 108,544 ----a-w C:\Program Files\COMPOBJ.DLL
    1994-04-18 23:00 994,496 ----a-w C:\Program Files\MSAJT200.DLL
    1994-04-10 23:00 17,440 ----a-w C:\Program Files\MSAJT112.DLL
    1994-03-23 23:00 95,200 ----a-w C:\Program Files\VBDB300.DLL
    1994-03-10 15:44 97,984 ----a-w C:\Program Files\CSTEXT.VBX
    1994-02-23 09:58 55,264 ----a-w C:\Program Files\QPRO200.DLL
    1994-02-08 01:18 324,112 ----a-w C:\Program Files\TRUEGRID.VBX
    1994-01-28 13:28 22,368 ----a-w C:\Program Files\CSSPIN.VBX
    1993-11-08 11:57 7,712 ----a-w C:\Program Files\CSMETER.VBX
    1993-11-01 02:11 98,736 ----a-w C:\Program Files\COMMDLG.DLL
    1993-07-20 02:01 36,096 ----a-w C:\Program Files\CSFORM.VBX
    1993-05-11 23:00 398,416 ----a-w C:\Program Files\VBRUN300.DLL
    1993-04-27 23:00 72,192 ----a-w C:\Program Files\GSWDLL.DLL
    1993-04-27 23:00 70,800 ----a-w C:\Program Files\GRAPH.VBX
    1993-04-27 23:00 64,544 ----a-w C:\Program Files\THREED.VBX
    1993-04-27 23:00 44,656 ----a-w C:\Program Files\GRID.VBX
    1993-04-27 23:00 286,720 ----a-w C:\Program Files\GSW.EXE
    1993-04-27 23:00 25,648 ----a-w C:\Program Files\KEYSTAT.VBX
    1993-04-27 23:00 18,688 ----a-w C:\Program Files\CMDIALOG.VBX
    1993-04-27 23:00 13,824 ----a-w C:\Program Files\VBOA300.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 23:51 68856]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-11-01 18:24 160592]
    "AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]
    "VTTimer"="VTTimer.exe" [2005-05-13 12:57 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-05-13 12:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40 110592]
    "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-01 14:25 421888]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
    "eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 11:09 188416]
    "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768]
    "InvisibleBrowsing"="" []
    "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 07:32 126976]
    "MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 07:16 57344]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-23 17:47 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    C:\Documents and Settings\xp\Menu D‚marrer\Programmes\D‚marrage\
    Buzof.lnk - C:\Program Files\Basta Computing\Buzof\Buzof.exe [2007-06-10 18:22:24 666112]
    Raccourci vers TCLOCKEX.EXE.lnk - D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE [2007-07-09 11:06:41 89088]

    C:\Documents and Settings\elsa\Menu D‚marrer\Programmes\D‚marrage\
    Buzof.lnk - C:\Program Files\Basta Computing\Buzof\Buzof.exe [2007-06-10 18:22:24 666112]
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-31 12:43:49 344064]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12338:TCP"= 12338:TCP:NortonAV
    "5900:TCP"= 5900:TCP:vnc
    "5900:UDP"= 5900:UDP:vnc
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
    R2 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-10-29 11:38]
    S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\56.tmp []
    S3 ProtoWall;ProtoWall Defender;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\livebox.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\Auto\command - AdobeR.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-08-14 11:52:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-26 11:19:02 C:\WINDOWS\Tasks\magiclic.job"
    - D:\&amyriam\prog courrants\magiclic.exe
    "2007-08-26 13:59:20 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 12:44:32
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\C:\WINDOWS\system32\56.tmp"
    .
    Temps d'accomplissement: 2008-03-26 12:46:29
    ComboFix2.txt 2007-05-05 21:01:52
    ComboFix-quarantined-files.txt 2008-03-26 11:46:24
    .
    2008-03-26 11:01:14 --- E O F ---

    ------------------------
    J'ai toujours un message d'erreur au lancement de la session de l'utilisateur bertrand, m'indiquant que MMAgent.exe ne peut s'exécuter. Qu'est-ce que ça veut dire ? C'est un problème de sécurité ?

    -----------------------

    Sinon, pour Boonty Games, j'ai voulu suivre ta procédure pour le virer, mais dès le début j'ai un problème après avoir executer la commande "cmd", lorsque je saisie : sc stop "Boonty Games" et que je fais enter , il me dit que ça n'a pu démarré....
    ------------------------
    Pour les barres d'outils indésirables, je n'ai rien dans ajout/suppression de programmes qui évoque "yahoo" toolbar" et Windows Live Sign-in Helper... comment faire pour les désinstaller ?

    ------------------------

    et surtout ce qui m'embête, c'est que Ez macro continue de bugger lors de l'exécution de séquences de touches et de clics enregistrés. Penses -tu que je peux avoir de l'aide sur un autre forum pour ce problème ? (qui ne semble apparemment pas lié à un malware.... ) Pourtant cela fait deux ans que je l'utilise sans probleme ; je comprends pas...

    En tout cas, encore une fois merci pour ton aide.

    Dans l'attente de ta réponse.
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait si tu as reussis! je note ta procedure pour les prochains!

    _____________

    Télécharge MSNFix de Laurent
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

    envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr pour faire evoluer msnfix

    _______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    _______________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    C:\Program Files\Xi\NetXfer\NXToolBar.dll
    C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Basta Computing\Buzof\Buzof.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    C:\Program Files\Xi\NetXfer
    C:\Program Files\Xi\NetXfer\NXAddList.html
    C:\Program Files\Xi\NetXfer\NXAddLink.html
    C:\Program Files\Siber Systems\AI RoboForm
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\boontyGames
    C:\Program Files\boonty

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    __________________
    reinstalle
    Ez macro
    ___________________

    encore des soucis???
    0
    1. bboule22
       
      Re,

      Merci pour ta réponse, je vais m'occuper de tout ça, mais une question avant : j'utilise très fréquemment roboform (c'est un logiciel que j'ai acheté en toute légalité) et jusqu'à présent je n'ai pas constaté de problème avec son utilisation. Faut-il que je supprime avec MoveIt! les lignes concernant roborform. Idem pour les opérations avec hijackthis ?
      0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok si tu veux garder roboform ne coche pas les lignes et fais ceci:

    msnfix pour voir

    _______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
    O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    ________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    C:\Program Files\Xi\NetXfer\NXToolBar.dll
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\Program Files\Basta Computing\Buzof\Buzof.exe
    C:\Program Files\Xi\NetXfer
    C:\Program Files\Xi\NetXfer\NXAddList.html
    C:\Program Files\Xi\NetXfer\NXAddLink.html
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\boontyGames
    C:\Program Files\boonty

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    __________________
    reinstalle
    Ez macro
    ___________________

    encore des soucis???
    0
    1. bboule22
       
      Bonjour jlpjlp,

      Désolée pour cette réponse tardive, mais boulot oblige.

      Voilà où j'en suis :


      Impossible de désintaller ez macro. J'ai bien fait supprimer ez macro dans ajout/suppression de programme. Il a disparu de la liste mais était toujours actif. Dans "programme files", j'ai voulu supprimer le dossier "american system" dans lequel il est installé, mais l'appli ainsi que deux autres fichiers ne peuvent pas être supprimés manuellement.

      -----------------------------------------------

      voici le rapport msnfix demandé :

      MSNFix 1.691

      C:\Documents and Settings\elsa\Local Settings\Temp\MSNFix\MSNFix
      Fix exécuté le 26/03/2008 - 18:57:07.68 By elsa
      mode normal

      ************************ Recherche les fichiers présents

      Aucun Fichier trouvé

      ************************ Recherche les dossiers présents

      Aucun dossier trouvé


      ************************ Fichiers suspects

      /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

      [C:\WINDOWS\system32\WinFXDocObj.exe] 660336AD0305C852122C5EEBBACE9BAF
      [C:\AdbeRdr705_fra_full.exe] 4C3ADE8567FBEC22DB8DDC38C4312EAB
      [C:\a2freesetup.exe] 512607823A0DC510D42A023EC1B096C7

      [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\elsa\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------

      ------------------------------------------------

      Avec MoveIt, j'ai supprimé les lignes que tu m'indiquais. Voici le rapport :

      [Custom Input]
      < C:\Program Files\Xi\NetXfer\NXIEHelper.dll >
      File/Folder C:\Program Files\Xi\NetXfer\NXIEHelper.dll not found.
      < C:\Program Files\Xi\NetXfer\NXToolBar.dll >
      C:\Program Files\Xi\NetXfer\NXToolBar.dll unregistered successfully.
      C:\Program Files\Xi\NetXfer\NXToolBar.dll moved successfully.
      < C:\Program Files\MarkAny\ContentSafer\MAAgent.exe >
      C:\Program Files\MarkAny\ContentSafer\MaAgent.exe moved successfully.
      < C:\Program Files\Basta Computing\Buzof\Buzof.exe >
      C:\Program Files\Basta Computing\Buzof\Buzof.exe moved successfully.
      < C:\Program Files\Xi\NetXfer >
      C:\Program Files\Xi\NetXfer\Help\skv moved successfully.
      C:\Program Files\Xi\NetXfer\Help\rus moved successfully.
      C:\Program Files\Xi\NetXfer\Help\rom moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images\skv moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images\rus moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images\rom moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images\far moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images\eng moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images\chs moved successfully.
      C:\Program Files\Xi\NetXfer\Help\images moved successfully.
      C:\Program Files\Xi\NetXfer\Help\far moved successfully.
      C:\Program Files\Xi\NetXfer\Help\eng moved successfully.
      C:\Program Files\Xi\NetXfer\Help\chs moved successfully.
      C:\Program Files\Xi\NetXfer\Help moved successfully.
      C:\Program Files\Xi\NetXfer moved successfully.
      < C:\Program Files\Xi\NetXfer\NXAddList.html >
      File/Folder C:\Program Files\Xi\NetXfer\NXAddList.html not found.
      < C:\Program Files\Xi\NetXfer\NXAddLink.html >
      File/Folder C:\Program Files\Xi\NetXfer\NXAddLink.html not found.
      < C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe >
      C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe moved successfully.
      < C:\Program Files\Fichiers communs\BOONTY Shared >
      C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
      C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.
      < C:\Program Files\boontyGames >
      File/Folder C:\Program Files\boontyGames not found.
      < C:\Program Files\boonty >
      File/Folder C:\Program Files\boonty not found.

      OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_194958



      ---------------------------------------------------

      avec HijackThis j'ai fixé les lignes que tu m'indiquais sauf celles relatives à roboform.


      ---------------------------------------------------


      Enfin, sur la session de l'utilisateur bertrand, plus de message au lancement concernant MAAgent.exe, mais toujours un message d'erreur à la fermeture de la session du type " kpf4gui.exe ; initialisation de la dll a échoué"



      ------------------------------------------------------------


      Merci encore pour tout.

      Dans l'attente de ta réponse.
      0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ce fichiers sur virus total et si infécté tu le vire: https://www.virustotal.com/gui/

    C:\WINDOWS\system32\WinFXDocObj.exe

    _______________

    kpf4gui.exe c'est en general le parefeu subelt (kerio) essaye de le réinstaller pour voir

    ________________

    recolle un hijakchits
    0
  19. bboule22
     
    Bonjour jlpjlp,

    Merci pour ta réponse.

    L'analyse avec virus total n'a rien donné.

    Je vais maintenant réinstaller Kerio. Pour confirmation : je le désinstalle bien d'abord avec la suppression de programme ?
    A noter, c'est étrange que j'ai deux Kerio dans la liste (!) : un "sunbelt personnal firewall" et un "sunbelt kerio personnal firewall" (et pour les deux, l'utilisation serait rare !!! . Sous programme files, dans le répertoire sunbelt, j'ai deux applications très similaires datant du 26/04/2007 : kpf4ss.exe et kpf4gui.exe. Est-ce normal ?

    Pour la réinstal, quel lien me conseilles-tu ?

    Merci. Dans l'attente de ta réponse.
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui tu en a deux ce qui explique le pb , desinstalle tout et remet kerio
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html

    sinon si le souci persiste mets en un autre:
    Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
    0
    1. bboule22
       
      Bonjour jlpjlp,

      Merci encore pour ta réponse.

      J'ai donc désinstallé Kerio et tout compte fait j'ai opté pour Online Armor. Merci pour le tutoriel.

      Voilà un nouveau rapport hijackthis :


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:29:52, on 30/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\acer\Acer eConsole\MediaServerService.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Acer\eRecovery\Monitor.exe
      C:\WINDOWS\system32\VTTimer.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      C:\PROGRA~1\WANADOO\TaskBarIcon.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Tall Emu\Online Armor\oaui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Hijackthis\pourvoir.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
      O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
      O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ez macro
    tu peux le reinstaller si tu veux
    0
  • 1
  • 2