Infecté Trojan.Phis + Generic.Peed.Em + JS.Fe

bboule22 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Merci de votre aide. de nombreux fichiers sont infectés (rapport de bitdefender on line). L'infection semble s'étendre (il y a quelques jours, le même scan avec bitdefender on line ne révélait que 3 infections

J'avais avast, mais je viens de passer à antivir. Ils ne détectent rien.
J'ai lancé spybot, avg anti spyware, ad square, ad ware, sophos : rien à signaler.
Je nettoie régulièrement avec ccleaner.

Mes symptômes : depuis une infection par cheval de troie repéré et détruit par avast, mon micro a eu des lenteurs inhabituelles. Certains programment ne fonctionnent plus correctement. Ex : thunderbird (blocages lors de l'utilisation de filtres, lenteurs énormes et blocage lorsque j'ai voulu changer le paramétrage des comptes utilisateurs) ou encore ez macro que j'ai besoin d'utiliser pour des enregistrements de séquences de touches et de souris (lorsque je lance les macros elles ne s'éxécutent pas correctement : elles bloquent à certains moments, les rendant inutilisables). Aujourd"hui, je ne vois plus "mes documents" dans le poste de travail....

J'ai suivi votre méthode préliminaire. Je ne poste pas le scan d'avg (car il n'a rien trouvé).

Vous trouverez le rapport de bitdefener, puis celui d'hitjacthis :


- le rapport de bitdefender:

BitDefender Online Scanner







Scan report generated at: Mon, Mar 24, 2008 - 04:04:56









Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;















Statistics

Time


02:37:53

Files


1209617

Folders


9690

Boot Sectors


0

Archives


425363

Packed Files


29234







Results

Identified Viruses


53

Infected Files


55

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


55







Engines Info

Virus Definitions


1021906

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


16

Archive plugins


41

Unpack plugins


7

E-mail plugins


6

System plugins


5







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta


Infected with: JS.Feebs.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)


Infected with: Generic.Trojan.Phish.C316548C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)


Infected with: Generic.Trojan.Phish.31926682

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)


Infected with: Generic.Trojan.Phish.2556E52A

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)


Infected with: Generic.Trojan.Phish.517F47A3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)


Infected with: Generic.Trojan.Phish.8471D0C3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)


Infected with: Generic.Trojan.Phish.F4426419

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)


Infected with: Generic.Trojan.Phish.37BE24AF

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)


Infected with: Generic.Trojan.Phish.591A4999

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)


Infected with: Generic.Trojan.Phish.87BAC95C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)


Infected with: Generic.Trojan.Phish.8128FD57

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)


Infected with: Generic.Trojan.Phish.0C8DCC41

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)


Infected with: Generic.Trojan.Phish.A9EA141C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)


Infected with: Generic.Trojan.Phish.AE2E1E68

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)


Infected with: Generic.Trojan.Phish.0378CEC0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)


Infected with: Generic.Peed.Eml.F2A622C5

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)


Infected with: Generic.Peed.Eml.AB14D021

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)


Infected with: Generic.Peed.Eml.AF385539

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)


Infected with: Generic.Peed.Eml.B8D10211

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)


Infected with: Generic.Peed.Eml.89CE16D0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)


Infected with: Generic.Peed.Eml.CE2BACC6

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)


Infected with: Generic.Peed.Eml.23861448

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)


Infected with: Generic.Peed.Eml.6CA65881

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)


Infected with: Generic.Peed.Eml.B39036DB

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)


Infected with: Generic.Peed.Eml.F67C2584

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)


Infected with: Generic.Peed.Eml.F269C4D4

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)


Infected with: Generic.Peed.Eml.F4EF7ACC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)


Infected with: Generic.Peed.Eml.7CC973B9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)


Infected with: Generic.Peed.Eml.BB34CDC2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)


Infected with: Generic.Peed.Eml.C12ECC42

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)


Infected with: Generic.Peed.Eml.560F0A0C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)


Infected with: Generic.Peed.Eml.80F4FA95

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)


Infected with: Generic.Peed.Eml.FB203BF2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)


Infected with: Generic.Peed.Eml.1FEC2028

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)


Infected with: Generic.Peed.Eml.B7F0CD66

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)


Infected with: Generic.Peed.Eml.253E3303

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)


Infected with: Generic.Peed.Eml.3FE02C4C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)


Infected with: Generic.Peed.Eml.05DB912C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)


Infected with: Generic.Peed.Eml.1F749599

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)


Infected with: Generic.Peed.Eml.2861DFB9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)


Infected with: Generic.Peed.Eml.A664632C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)


Infected with: Generic.Peed.Eml.40AD57CC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)


Infected with: Generic.Peed.Eml.D96FB8ED

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)


Infected with: Generic.Peed.Eml.4AF23649

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf


Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf


Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf


Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)


Detected with: Application.VTesttool.A

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)


Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)


Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)


Detected with: Application.VTesttool.B

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)


Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)


Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)


Detected with: Application.VTesttool.C

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)


Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)


Infected with: Generic.Peed.Eml.F12161EF

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)


Infected with: Generic.Peed.Eml.F9DDC72C

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)


Infected with: Generic.Peed.Eml.3E1CBA4A

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)


Infected with: Generic.Peed.Eml.02B200C1

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)


Infected with: Generic.Peed.Eml.99D861C7

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed






- le rapport hitjacthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:43, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Basta Computing\Buzof\Buzof.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\American Systems\EZ Macros\EZMacros.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

28 réponses

  • 1
  • 2
Réponse 1 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt, la majorité des infections sont dans ta messagrerie thundirbird, vire les message de thundirbird douteux voir tout...


_________


AVG antispyware
https://www.01net.com/telecharger/
http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici



____________

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
0
bboule22
 
Re,

Voilà, j'ai viré un maximum de messages dans thunderbird (nb : certains dossiers ne veulent pas être supprimés).

J'ai lancé AVG, il n'a rien trouvé d'autre qu'un cookie, et n'a pas génénré de rapport.

J'ai installé navilog et ai suivi la procédure. Voici le rapport :

Search Navipromo version 3.5.1 commencé le 24/03/2008 à 16:04:53.39

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "elsa"

Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\elsa\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\elsa\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\elsa\menud+~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\elsa\locals~1\applic~1" *

* Recherche dans "C:\docume~1\axel\locals~1\applic~1" *

* Recherche dans "C:\docume~1\bertrand\locals~1\applic~1" *

* Recherche dans "C:\docume~1\roxanne\locals~1\applic~1" *

* Recherche dans "C:\docume~1\xp\locals~1\applic~1" *

* Recherche dans "C:\docume~1\livebox\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\elsa\locals~1\applic~1" :


* Dans "C:\docume~1\axel\locals~1\applic~1" :


* Dans "C:\docume~1\bertrand\locals~1\applic~1" :


* Dans "C:\docume~1\roxanne\locals~1\applic~1" :


* Dans "C:\docume~1\xp\locals~1\applic~1" :


* Dans "C:\docume~1\livebox\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 24/03/2008 à 16:06:56.39 ***


Merci. Dans l'attente de votre réponse.

Cordialement.
0
Réponse 2 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com

________
recolle un rapport bitdefender
0
Réponse 3 / 28
bboule22
 
Bonsoir,

Voilà j'ai bien désactivé la restauration systeme, puis je l'ai réactivée (avec un nouveau point de restauration).

Puis j'ai relancé un scan on line avec bitdefender. Voilà le rapport :

BitDefender Online Scanner



Scan report generated at: Mon, Mar 24, 2008 - 19:42:12





Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;







Statistics

Time
02:38:17

Files
1219716

Folders
9409

Boot Sectors
4

Archives
435450

Packed Files
28640




Results

Identified Viruses
51

Infected Files
51

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
51




Engines Info

Virus Definitions
1022055

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
Infected with: Generic.Trojan.Phish.C316548C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
Infected with: Generic.Trojan.Phish.31926682

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
Infected with: Generic.Trojan.Phish.2556E52A

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
Infected with: Generic.Trojan.Phish.517F47A3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
Infected with: Generic.Trojan.Phish.8471D0C3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
Infected with: Generic.Trojan.Phish.F4426419

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
Infected with: Generic.Trojan.Phish.37BE24AF

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
Infected with: Generic.Trojan.Phish.591A4999

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
Infected with: Generic.Trojan.Phish.87BAC95C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
Infected with: Generic.Trojan.Phish.8128FD57

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
Infected with: Generic.Trojan.Phish.0C8DCC41

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
Infected with: Generic.Trojan.Phish.A9EA141C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
Infected with: Generic.Trojan.Phish.AE2E1E68

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
Infected with: Generic.Trojan.Phish.0378CEC0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
Infected with: Generic.Peed.Eml.F2A622C5

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
Infected with: Generic.Peed.Eml.AB14D021

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
Infected with: Generic.Peed.Eml.AF385539

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
Infected with: Generic.Peed.Eml.B8D10211

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
Infected with: Generic.Peed.Eml.89CE16D0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
Infected with: Generic.Peed.Eml.CE2BACC6

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
Infected with: Generic.Peed.Eml.23861448

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
Infected with: Generic.Peed.Eml.6CA65881

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
Infected with: Generic.Peed.Eml.B39036DB

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
Infected with: Generic.Peed.Eml.F67C2584

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
Infected with: Generic.Peed.Eml.F269C4D4

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
Infected with: Generic.Peed.Eml.F4EF7ACC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
Infected with: Generic.Peed.Eml.7CC973B9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
Infected with: Generic.Peed.Eml.BB34CDC2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
Infected with: Generic.Peed.Eml.C12ECC42

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
Infected with: Generic.Peed.Eml.560F0A0C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
Infected with: Generic.Peed.Eml.80F4FA95

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
Infected with: Generic.Peed.Eml.FB203BF2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
Infected with: Generic.Peed.Eml.1FEC2028

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
Infected with: Generic.Peed.Eml.B7F0CD66

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
Infected with: Generic.Peed.Eml.253E3303

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
Infected with: Generic.Peed.Eml.3FE02C4C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
Infected with: Generic.Peed.Eml.05DB912C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
Infected with: Generic.Peed.Eml.1F749599

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
Infected with: Generic.Peed.Eml.2861DFB9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
Infected with: Generic.Peed.Eml.A664632C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
Infected with: Generic.Peed.Eml.40AD57CC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
Infected with: Generic.Peed.Eml.D96FB8ED

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
Infected with: Generic.Peed.Eml.4AF23649

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)
Detected with: Application.VTesttool.A

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)
Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)
Detected with: Application.VTesttool.B

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)
Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)
Detected with: Application.VTesttool.C

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)
Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
Infected with: Generic.Peed.Eml.F12161EF

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
Infected with: Generic.Peed.Eml.F9DDC72C

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
Infected with: Generic.Peed.Eml.3E1CBA4A

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
Infected with: Generic.Peed.Eml.02B200C1

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
Infected with: Generic.Peed.Eml.99D861C7

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed



J'ai l'impression que c'est de pire en pire ... J'avais pourtant supprimé beaucoup de messages (ex : dans l'utilisateur "bertrand", j'ai quasiment tout supprimé). Faut-il tout supprimer ?

Merci. Dans l'attente de votre réponse.

Cordialement.
0
Réponse 4 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire le dossier setup manuellement en alant dans poste de travail puis
C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe




ensuite tous les autres sont dans ta messagerie thundirbird!
0
bboule22
 
Bonsoir,

J'ai bien viré le fichier setup.exe.
Et dans Thundirbird. J'ai fait le grand ménage. Ne subsiste que les messages que je dois garder.

Que dois-je faire maintenant ?

Merci beaucoup.

Cordialement.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 6 / 28
bboule22
 
Re,

Voilà, j'ai installé à nouveau hijackthis, après l'avoir renommé, dans le répertoire que tu m'as conseillé de créer. Voilà le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:44, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Basta Computing\Buzof\Buzof.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\American Systems\EZ Macros\EZMacros.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'bertrand')
O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1007\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe" (User 'bertrand')
O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1007\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'bertrand')
O4 - HKUS\S-1-5-21-46442630-3457137951-1896838046-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'xp')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
Réponse 7 / 28
bboule22
 
Bonjour jlpjlp,

J'espère que vous allez bien aujourd'hui.

Je ne sais pas si vous avez vu ma réponse en date d'hier soir avec le rapport d'hijackthis.
Mais peut être que vous n'avez pas eu le temps.

Merci encore par avance et dans l'attente de votre réponse.

Cordialement.
0
Réponse 8 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

tu as beaucoups de barre dans internet fais le menage et garde en pas plus de 3:

netXfer
Windows Live Sign-in Helper
Google Toolbar Helper
Copernic
&Yahoo! Toolbar
RoboForm
...........
_______________________


O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: Raccourci vers TCLOCKEX.EXE.lnk = D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE (User 'xp')
O4 - S-1-5-21-46442630-3457137951-1896838046-1010 User Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'xp')
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

__________


boonty est aussi source de pub si tu ne l'utilise pas vire le

_____________


sinon rien de special ton infection est dans tes message de thundirbird il faut faire le menage...



peut etre essaye de regler antivir pour qu'il scanne ta messagerie

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis
clique sur general puis email et configure la protection de ta messageri
0
bboule22
 
Re,

Merci pour ta réponse.

1- Dans antivir, j'ai suivi tes instructions, mais il n'y a pas de paramétrage pour le scan des messages. Juste une indication pour le serveur smtp pour faire un test d'envoi....

2- Boonty, je ne sais pas ce que c'est. Un programme ? je ne vois rien dans la liste des programmes qui corresponde à cela. Sinon, comment l'enlever ?

3- Les barres dans internet que tu évoques sont dans IE, que je n'utilise quasiment plus jamais... D'accord avec toi, la plupart des barres ne me servent à rien. Mais par contre, comment les désintaller ?

4 - Enfin, et surtout, comme je te le disais, j'ai fais le grand ménage dans les messages. Chez "Bertrand" il n'y a plus rien et pourtant bitdefender indiquait toujours des fichiers infectés (tu trouves ça normal ?). Chez "Elsa" j'ai supprimé tout ce qui pouvait l'être. le reste je dois conserver ; je n'ai pas refait de scan depuis, je vais en faire un et je te tiens au courant.

A noter, lors du dernier scan avec bitdefender, j'ai eu un message d'erreur indiquant qu'il ne pouvait mettre à jour la base de donnée virale..... j'ai lancé le scan quand même.


Merci encore.

Dans l'attente de ta réponse.

@+
0
Réponse 9 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
pour virer les barres dans internet tu vas dans ton panneau de configuration puis AJOUT/SUPPRESSION de PROGRAMMe et tu vire les barres non utilisées


______________

pour virer boonty: ( permet de faire des jeux sur internet mais associé a des sponsors...)



« Démarrer » > « Executer » > taper cmd > valide par ok

dans la fenetre noire tape ceci en respectant bien les espaces et guillemets

sc stop "Boonty Games" ==> [Enter]
sc config "Boonty Games" start= disabled ==> [Enter]
sc delete "Boonty Games" ==> [Enter]

* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\boontyGames
C:\Program Files\boonty

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

post le rapport de ot_move it ainsi qu´un nouveau hijack this

___________________

pour bitdefender , refais en un et colle le rapport
0
bboule22
 
Re,


Merci pour ta réponse.

Pour boonty, je m'en occupe un peu plus tard.

Voici le nouveau rapport de bitdefender, toujours les mêmes infections alors que j'ai viré quasiment tous les messages et qu'il ne reste plus que ceux que je dois conserver. Il y un truc qui cloche. De plus, j'ai encore eu le meme message d'erreur au lancement du scan (échec pour la mise à jour de la base virale).


BitDefender Online Scanner



Scan report generated at: Tue, Mar 25, 2008 - 17:30:26





Scan path: C:\Documents and Settings\elsa;C:\Documents and Settings\bertrand;







Statistics

Time
02:01:50

Files
944781

Folders
3279

Boot Sectors
4

Archives
439683

Packed Files
15173




Results

Identified Viruses
48

Infected Files
48

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
48




Engines Info

Virus Definitions
1022992

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
Infected with: Generic.Trojan.Phish.C316548C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
Infected with: Generic.Trojan.Phish.31926682

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
Infected with: Generic.Trojan.Phish.2556E52A

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
Infected with: Generic.Trojan.Phish.517F47A3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
Infected with: Generic.Trojan.Phish.8471D0C3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
Infected with: Generic.Trojan.Phish.F4426419

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
Infected with: Generic.Trojan.Phish.37BE24AF

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
Infected with: Generic.Trojan.Phish.591A4999

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
Infected with: Generic.Trojan.Phish.87BAC95C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
Infected with: Generic.Trojan.Phish.8128FD57

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
Infected with: Generic.Trojan.Phish.0C8DCC41

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
Infected with: Generic.Trojan.Phish.A9EA141C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
Infected with: Generic.Trojan.Phish.AE2E1E68

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
Infected with: Generic.Trojan.Phish.0378CEC0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
Infected with: Generic.Peed.Eml.F2A622C5

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
Infected with: Generic.Peed.Eml.AB14D021

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
Infected with: Generic.Peed.Eml.AF385539

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
Infected with: Generic.Peed.Eml.B8D10211

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
Infected with: Generic.Peed.Eml.89CE16D0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
Infected with: Generic.Peed.Eml.CE2BACC6

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
Infected with: Generic.Peed.Eml.23861448

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
Infected with: Generic.Peed.Eml.6CA65881

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
Infected with: Generic.Peed.Eml.B39036DB

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
Infected with: Generic.Peed.Eml.F67C2584

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
Infected with: Generic.Peed.Eml.F269C4D4

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
Infected with: Generic.Peed.Eml.F4EF7ACC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
Infected with: Generic.Peed.Eml.7CC973B9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
Infected with: Generic.Peed.Eml.BB34CDC2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
Infected with: Generic.Peed.Eml.C12ECC42

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
Infected with: Generic.Peed.Eml.560F0A0C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
Infected with: Generic.Peed.Eml.80F4FA95

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
Infected with: Generic.Peed.Eml.FB203BF2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
Infected with: Generic.Peed.Eml.1FEC2028

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
Infected with: Generic.Peed.Eml.B7F0CD66

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
Infected with: Generic.Peed.Eml.253E3303

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
Infected with: Generic.Peed.Eml.3FE02C4C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
Infected with: Generic.Peed.Eml.05DB912C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
Infected with: Generic.Peed.Eml.1F749599

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
Infected with: Generic.Peed.Eml.2861DFB9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
Infected with: Generic.Peed.Eml.A664632C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
Infected with: Generic.Peed.Eml.40AD57CC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
Infected with: Generic.Peed.Eml.D96FB8ED

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
Infected with: Generic.Peed.Eml.4AF23649

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)
Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
Infected with: Generic.Peed.Eml.F12161EF

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
Infected with: Generic.Peed.Eml.F9DDC72C

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
Infected with: Generic.Peed.Eml.3E1CBA4A

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
Infected with: Generic.Peed.Eml.02B200C1

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
Infected with: Generic.Peed.Eml.99D861C7

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)
Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox
Update failed




De plus j'ai toujours les mêmes symptomes qu'au début.

Nb : je ne sais si ça peut t'aider, mais j'ai souvent des message sans objet, sans émetteur ni destinataire et dont la date est du 1/01/1970.


Merci encore. dans l'attente de ta réponse.
0
Réponse 10 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok tout est dans ta messagerie il faudrait virer tous les message... sauf ceux auxquels tu tiens vraiment et on verra
0
Réponse 11 / 28
bboule22
 
Bonjour jlpjlp,

J'espère que tu vas bien.

Bon, j'ai supprimé tous les messages sauf ceux auxquels je tiens vraiment (ceux qui restent concernent l'utilisateur "elsa").

Pour l'utilisateur bertrand, il n'y a plus aucun message dans thunderbird.
Certains dossiers ne voulaient pas être supprimés (ce qui n'est pas normal). Je suis allée voir dans le répertoire sensé héberger les messages infectés (C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\).
Il y a un dossier intitulé inbox.sbd dans lequel j'ai tout viré (il y avait des noms de dossiers et de fichiers que j'avais pourtant viré de la messagerie il y a un moment ; Après ça dans la messagerie les dossiers qui ne voulaient pas disparaitre n'étaient plus là). Je trouve ça étrange.
Mais surtout, le fichier inbox, celui qui contient les messages infectés était de 1 143 949 ko (et ce matin de 1 144 740 ko alors que je ne l'ai pas ouverte depuis)! Je ne comprends pas, puisque la boite de bertrand est entièrement vide !

J'ai relancé un scan avec bitdefender en ne demandant que l'analyse de C:\Documents and Settings\bertrand\ et il a toujours détecté les mêmes problèmes (les 4 mêmes messages infectés) ;je ne recolle pas le rapport, cela me semble identique. Et toujours un échec pour mettre à jour la base de donnée virale au lancement du scan.

Enfin, au lancement de la session de bertrand, j'ai eu un message d'erreur du type "MMAgent.exe" ne peut s'executer" et à la fermeture un autre du genre "Kpk4gui.exe; l'initialisation de la dll a échoué."

Windows me propose en cas d'arrêt du micro d'installer des mises à jour. Je fais ou pas ?

Que penses-tu de tout ça ?

Merci par avance de ta réponse.
0
Réponse 12 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
essaye d'analyser le fichier en question avec antivir (clique avec le bouton droit sur le dossier)

_________



utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

https://www.01net.com/

___________


combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


___________

mets a jour windows

__________
verifie avec bitdefender si encore des infections (si c'est le cas supprime les fichiers en question avec
eraser
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/6615.html
0
bboule22
 
Re,

pour combofix, il avait déjà été installé sur mon micro en mai 2007. Dans le dossier conbofix, il y a plein de fichiers. Est-ce que je dois tout supprimer, et réintaller une version à jour ?
0
Réponse 13 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
oui vire tout et reinstalle la derniere version
0
Réponse 14 / 28
bboule22
 
Re,

J'ai trouvé ! Il fallait tout simplement effectuer un compactage sous thunderbird. Tant qu'il n'est pas effectué, le fichier inbox continue de garder les messages effacés.
J'ai donc compacté sous les deux utilisateurs, les fichiers inbox ont été "vidés" et bitdefender ne trouve plus rien.

Voilà quand même le rapport de combofix que tu m'avais demandé :

ComboFix 08-03-25.4 - elsa 2008-03-26 12:38:24.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.167 [GMT 1:00]

((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.

2008-03-26 12:08 . 2008-03-26 12:08 <REP> d-------- C:\Program Files\CCleaner
2008-03-24 21:21 . 2008-03-24 21:21 <REP> d-------- C:\Hijackthis
2008-03-24 16:02 . 2008-03-24 16:02 <REP> d-------- C:\Program Files\Navilog1
2008-03-24 13:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-24 13:09 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-24 00:44 . 2008-03-24 00:44 <REP> d--hs---- C:\FOUND.012
2008-03-23 22:26 . 2008-03-23 22:26 <REP> d-------- C:\Program Files\Lavasoft
2008-03-23 22:26 . 2008-03-23 22:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-23 22:25 . 2008-03-23 22:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-23 20:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-23 17:44 . 2008-03-23 17:44 <REP> d-------- C:\Program Files\Avira
2008-03-23 17:44 . 2008-03-23 17:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-23 16:58 . 2008-03-23 16:58 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-12 21:03 . 2008-03-12 21:03 <REP> d--hs---- C:\FOUND.011

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 15:09 1,454 ----a-w C:\Program Files\PRN112.TXT
2008-03-21 15:07 105 ----a-w C:\Program Files\modprof.ini
2008-02-14 14:42 26,775 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-09 14:56 739,240 ----a-w C:\Program Files\vnc-4_1_2-x86_win32.exe
2008-01-31 05:45 --------- d-----w C:\Program Files\a-squared Free
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-24 17:56 6,583,976 ----a-w C:\Program Files\Opera_9.25_International_Setup.exe
2007-12-02 14:23 49 ----a-w C:\Program Files\LAUREATS CAMPUS PROF.url
2007-12-02 14:23 105,438 ----a-w C:\Program Files\uninst.exe
2007-11-10 18:49 827,377 ----a-w C:\Program Files\hideippla.exe
2007-10-31 15:47 2,796,584 ----a-w C:\Program Files\AiRoboForm.exe
2006-12-20 12:27 7,799,000 ----a-w C:\Program Files\kerio-personal-firewall_kerio_personal_firewall_4.3.268_francais_11071.exe
2006-09-01 14:14 966,656 ----a-w C:\Program Files\ldirect.exe
2006-08-23 08:55 877,367 ----a-w C:\Program Files\MODPROF.EXE
2005-10-28 13:05 1,763,840 ----a-w C:\Program Files\CLIENT.exe
2005-08-18 12:52 387,631 ----a-w C:\Program Files\impexp.exe
2004-11-11 07:31 119,808 ----a-w C:\Program Files\UnzDll.dll
2004-11-11 07:04 137,728 ----a-w C:\Program Files\ZipDll.dll
2004-09-17 12:59 11,647 ----a-w C:\Program Files\LisezMoi.txt
2004-07-07 08:57 1,143,808 ----a-w C:\Program Files\XPRINTER.EXE
2003-08-29 09:49 323,887 ----a-w C:\Program Files\majbasep.exe
2003-08-20 07:34 832,512 ----a-w C:\Program Files\mailprof.exe
2003-03-27 12:49 2,275 ----a-w C:\Program Files\suppprof.htm
2003-01-15 09:05 129 ----a-w C:\Program Files\mailprof.ini
2002-02-26 14:37 17,078 ----a-w C:\Program Files\f8.xmp
2001-07-17 14:42 29,118 ----a-w C:\Program Files\f4.xmp
2001-07-13 09:49 4,070 ----a-w C:\Program Files\f5.xmp
2001-05-04 11:29 8,118 ----a-w C:\Program Files\f6.xmp
2001-05-03 16:53 32,118 ----a-w C:\Program Files\f7.xmp
2001-03-29 16:22 205,366 ----a-w C:\Program Files\f2.xmp
2000-11-20 00:01 61,440 ----a-w C:\Program Files\Cookies Manager.exe
2000-11-20 00:01 316 ----a-w C:\Program Files\file_id.diz
1997-07-01 01:50 248,000 ----a-w C:\Program Files\DATEDLL.DLL
1995-11-13 03:00 766 ----a-w C:\Program Files\MODPROF.ICO
1994-09-15 23:00 108,544 ----a-w C:\Program Files\COMPOBJ.DLL
1994-04-18 23:00 994,496 ----a-w C:\Program Files\MSAJT200.DLL
1994-04-10 23:00 17,440 ----a-w C:\Program Files\MSAJT112.DLL
1994-03-23 23:00 95,200 ----a-w C:\Program Files\VBDB300.DLL
1994-03-10 15:44 97,984 ----a-w C:\Program Files\CSTEXT.VBX
1994-02-23 09:58 55,264 ----a-w C:\Program Files\QPRO200.DLL
1994-02-08 01:18 324,112 ----a-w C:\Program Files\TRUEGRID.VBX
1994-01-28 13:28 22,368 ----a-w C:\Program Files\CSSPIN.VBX
1993-11-08 11:57 7,712 ----a-w C:\Program Files\CSMETER.VBX
1993-11-01 02:11 98,736 ----a-w C:\Program Files\COMMDLG.DLL
1993-07-20 02:01 36,096 ----a-w C:\Program Files\CSFORM.VBX
1993-05-11 23:00 398,416 ----a-w C:\Program Files\VBRUN300.DLL
1993-04-27 23:00 72,192 ----a-w C:\Program Files\GSWDLL.DLL
1993-04-27 23:00 70,800 ----a-w C:\Program Files\GRAPH.VBX
1993-04-27 23:00 64,544 ----a-w C:\Program Files\THREED.VBX
1993-04-27 23:00 44,656 ----a-w C:\Program Files\GRID.VBX
1993-04-27 23:00 286,720 ----a-w C:\Program Files\GSW.EXE
1993-04-27 23:00 25,648 ----a-w C:\Program Files\KEYSTAT.VBX
1993-04-27 23:00 18,688 ----a-w C:\Program Files\CMDIALOG.VBX
1993-04-27 23:00 13,824 ----a-w C:\Program Files\VBOA300.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 23:51 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-11-01 18:24 160592]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]
"VTTimer"="VTTimer.exe" [2005-05-13 12:57 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-05-13 12:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40 110592]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-01 14:25 421888]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 11:09 188416]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768]
"InvisibleBrowsing"="" []
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 07:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 07:16 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-23 17:47 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

C:\Documents and Settings\xp\Menu D‚marrer\Programmes\D‚marrage\
Buzof.lnk - C:\Program Files\Basta Computing\Buzof\Buzof.exe [2007-06-10 18:22:24 666112]
Raccourci vers TCLOCKEX.EXE.lnk - D:\&amyriam\prog courrants\TClockEx2\TCLOCKEX.EXE [2007-07-09 11:06:41 89088]

C:\Documents and Settings\elsa\Menu D‚marrer\Programmes\D‚marrage\
Buzof.lnk - C:\Program Files\Basta Computing\Buzof\Buzof.exe [2007-06-10 18:22:24 666112]
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-31 12:43:49 344064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12338:TCP"= 12338:TCP:NortonAV
"5900:TCP"= 5900:TCP:vnc
"5900:UDP"= 5900:UDP:vnc
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
R2 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-10-29 11:38]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\56.tmp []
S3 ProtoWall;ProtoWall Defender;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\livebox.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-14 11:52:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-26 11:19:02 C:\WINDOWS\Tasks\magiclic.job"
- D:\&amyriam\prog courrants\magiclic.exe
"2007-08-26 13:59:20 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 12:44:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\56.tmp"
.
Temps d'accomplissement: 2008-03-26 12:46:29
ComboFix2.txt 2007-05-05 21:01:52
ComboFix-quarantined-files.txt 2008-03-26 11:46:24
.
2008-03-26 11:01:14 --- E O F ---


------------------------
J'ai toujours un message d'erreur au lancement de la session de l'utilisateur bertrand, m'indiquant que MMAgent.exe ne peut s'exécuter. Qu'est-ce que ça veut dire ? C'est un problème de sécurité ?

-----------------------

Sinon, pour Boonty Games, j'ai voulu suivre ta procédure pour le virer, mais dès le début j'ai un problème après avoir executer la commande "cmd", lorsque je saisie : sc stop "Boonty Games" et que je fais enter , il me dit que ça n'a pu démarré....
------------------------
Pour les barres d'outils indésirables, je n'ai rien dans ajout/suppression de programmes qui évoque "yahoo" toolbar" et Windows Live Sign-in Helper... comment faire pour les désinstaller ?

------------------------

et surtout ce qui m'embête, c'est que Ez macro continue de bugger lors de l'exécution de séquences de touches et de clics enregistrés. Penses -tu que je peux avoir de l'aide sur un autre forum pour ce problème ? (qui ne semble apparemment pas lié à un malware.... ) Pourtant cela fait deux ans que je l'utilise sans probleme ; je comprends pas...

En tout cas, encore une fois merci pour ton aide.

Dans l'attente de ta réponse.
0
Réponse 15 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
parfait si tu as reussis! je note ta procedure pour les prochains!

_____________


Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.


envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr pour faire evoluer msnfix



_______________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".


R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
_______________



télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files\Xi\NetXfer\NXIEHelper.dll
C:\Program Files\Xi\NetXfer\NXToolBar.dll
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Basta Computing\Buzof\Buzof.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files\Xi\NetXfer
C:\Program Files\Xi\NetXfer\NXAddList.html
C:\Program Files\Xi\NetXfer\NXAddLink.html
C:\Program Files\Siber Systems\AI RoboForm
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\boontyGames
C:\Program Files\boonty

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
__________________
reinstalle
Ez macro
___________________

encore des soucis???
0
bboule22
 
Re,

Merci pour ta réponse, je vais m'occuper de tout ça, mais une question avant : j'utilise très fréquemment roboform (c'est un logiciel que j'ai acheté en toute légalité) et jusqu'à présent je n'ai pas constaté de problème avec son utilisation. Faut-il que je supprime avec MoveIt! les lignes concernant roborform. Idem pour les opérations avec hijackthis ?
0
Réponse 16 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok si tu veux garder roboform ne coche pas les lignes et fais ceci:

msnfix pour voir

_______________

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".


R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe


________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\Xi\NetXfer\NXIEHelper.dll
C:\Program Files\Xi\NetXfer\NXToolBar.dll
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Basta Computing\Buzof\Buzof.exe
C:\Program Files\Xi\NetXfer
C:\Program Files\Xi\NetXfer\NXAddList.html
C:\Program Files\Xi\NetXfer\NXAddLink.html
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\boontyGames
C:\Program Files\boonty

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
__________________
reinstalle
Ez macro
___________________

encore des soucis???
0
bboule22
 
Bonjour jlpjlp,

Désolée pour cette réponse tardive, mais boulot oblige.

Voilà où j'en suis :


Impossible de désintaller ez macro. J'ai bien fait supprimer ez macro dans ajout/suppression de programme. Il a disparu de la liste mais était toujours actif. Dans "programme files", j'ai voulu supprimer le dossier "american system" dans lequel il est installé, mais l'appli ainsi que deux autres fichiers ne peuvent pas être supprimés manuellement.

-----------------------------------------------

voici le rapport msnfix demandé :

MSNFix 1.691

C:\Documents and Settings\elsa\Local Settings\Temp\MSNFix\MSNFix
Fix exécuté le 26/03/2008 - 18:57:07.68 By elsa
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\WinFXDocObj.exe] 660336AD0305C852122C5EEBBACE9BAF
[C:\AdbeRdr705_fra_full.exe] 4C3ADE8567FBEC22DB8DDC38C4312EAB
[C:\a2freesetup.exe] 512607823A0DC510D42A023EC1B096C7

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\elsa\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

------------------------------------------------

Avec MoveIt, j'ai supprimé les lignes que tu m'indiquais. Voici le rapport :

[Custom Input]
< C:\Program Files\Xi\NetXfer\NXIEHelper.dll >
File/Folder C:\Program Files\Xi\NetXfer\NXIEHelper.dll not found.
< C:\Program Files\Xi\NetXfer\NXToolBar.dll >
C:\Program Files\Xi\NetXfer\NXToolBar.dll unregistered successfully.
C:\Program Files\Xi\NetXfer\NXToolBar.dll moved successfully.
< C:\Program Files\MarkAny\ContentSafer\MAAgent.exe >
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe moved successfully.
< C:\Program Files\Basta Computing\Buzof\Buzof.exe >
C:\Program Files\Basta Computing\Buzof\Buzof.exe moved successfully.
< C:\Program Files\Xi\NetXfer >
C:\Program Files\Xi\NetXfer\Help\skv moved successfully.
C:\Program Files\Xi\NetXfer\Help\rus moved successfully.
C:\Program Files\Xi\NetXfer\Help\rom moved successfully.
C:\Program Files\Xi\NetXfer\Help\images\skv moved successfully.
C:\Program Files\Xi\NetXfer\Help\images\rus moved successfully.
C:\Program Files\Xi\NetXfer\Help\images\rom moved successfully.
C:\Program Files\Xi\NetXfer\Help\images\far moved successfully.
C:\Program Files\Xi\NetXfer\Help\images\eng moved successfully.
C:\Program Files\Xi\NetXfer\Help\images\chs moved successfully.
C:\Program Files\Xi\NetXfer\Help\images moved successfully.
C:\Program Files\Xi\NetXfer\Help\far moved successfully.
C:\Program Files\Xi\NetXfer\Help\eng moved successfully.
C:\Program Files\Xi\NetXfer\Help\chs moved successfully.
C:\Program Files\Xi\NetXfer\Help moved successfully.
C:\Program Files\Xi\NetXfer moved successfully.
< C:\Program Files\Xi\NetXfer\NXAddList.html >
File/Folder C:\Program Files\Xi\NetXfer\NXAddList.html not found.
< C:\Program Files\Xi\NetXfer\NXAddLink.html >
File/Folder C:\Program Files\Xi\NetXfer\NXAddLink.html not found.
< C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe >
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe moved successfully.
< C:\Program Files\Fichiers communs\BOONTY Shared >
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.
< C:\Program Files\boontyGames >
File/Folder C:\Program Files\boontyGames not found.
< C:\Program Files\boonty >
File/Folder C:\Program Files\boonty not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_194958



---------------------------------------------------

avec HijackThis j'ai fixé les lignes que tu m'indiquais sauf celles relatives à roboform.


---------------------------------------------------


Enfin, sur la session de l'utilisateur bertrand, plus de message au lancement concernant MAAgent.exe, mais toujours un message d'erreur à la fermeture de la session du type " kpf4gui.exe ; initialisation de la dll a échoué"



------------------------------------------------------------


Merci encore pour tout.

Dans l'attente de ta réponse.
0
Réponse 17 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyse ce fichiers sur virus total et si infécté tu le vire: https://www.virustotal.com/gui/

C:\WINDOWS\system32\WinFXDocObj.exe


_______________

kpf4gui.exe c'est en general le parefeu subelt (kerio) essaye de le réinstaller pour voir

________________

recolle un hijakchits
0
Réponse 18 / 28
bboule22
 
Bonjour jlpjlp,

Merci pour ta réponse.

L'analyse avec virus total n'a rien donné.

Je vais maintenant réinstaller Kerio. Pour confirmation : je le désinstalle bien d'abord avec la suppression de programme ?
A noter, c'est étrange que j'ai deux Kerio dans la liste (!) : un "sunbelt personnal firewall" et un "sunbelt kerio personnal firewall" (et pour les deux, l'utilisation serait rare !!! . Sous programme files, dans le répertoire sunbelt, j'ai deux applications très similaires datant du 26/04/2007 : kpf4ss.exe et kpf4gui.exe. Est-ce normal ?

Pour la réinstal, quel lien me conseilles-tu ?

Merci. Dans l'attente de ta réponse.
0
Réponse 19 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
oui tu en a deux ce qui explique le pb , desinstalle tout et remet kerio
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html






sinon si le souci persiste mets en un autre:
Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
0
bboule22
 
Bonjour jlpjlp,

Merci encore pour ta réponse.

J'ai donc désinstallé Kerio et tout compte fait j'ai opté pour Online Armor. Merci pour le tutoriel.

Voilà un nouveau rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:52, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\pourvoir.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
0
Réponse 20 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ez macro
tu peux le reinstaller si tu veux
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses
Virus non détecté par mon anti-virus ?
F2L -
cabrier -

12 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses
mustapha
mustapha -
Ainillia -

1 réponse