Infecté Trojan.Phis + Generic.Peed.Em + JS.Fe

bboule22 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Merci de votre aide. de nombreux fichiers sont infectés (rapport de bitdefender on line). L'infection semble s'étendre (il y a quelques jours, le même scan avec bitdefender on line ne révélait que 3 infections

J'avais avast, mais je viens de passer à antivir. Ils ne détectent rien.
J'ai lancé spybot, avg anti spyware, ad square, ad ware, sophos : rien à signaler.
Je nettoie régulièrement avec ccleaner.

Mes symptômes : depuis une infection par cheval de troie repéré et détruit par avast, mon micro a eu des lenteurs inhabituelles. Certains programment ne fonctionnent plus correctement. Ex : thunderbird (blocages lors de l'utilisation de filtres, lenteurs énormes et blocage lorsque j'ai voulu changer le paramétrage des comptes utilisateurs) ou encore ez macro que j'ai besoin d'utiliser pour des enregistrements de séquences de touches et de souris (lorsque je lance les macros elles ne s'éxécutent pas correctement : elles bloquent à certains moments, les rendant inutilisables). Aujourd"hui, je ne vois plus "mes documents" dans le poste de travail....

J'ai suivi votre méthode préliminaire. Je ne poste pas le scan d'avg (car il n'a rien trouvé).

Vous trouverez le rapport de bitdefener, puis celui d'hitjacthis :


- le rapport de bitdefender:

BitDefender Online Scanner







Scan report generated at: Mon, Mar 24, 2008 - 04:04:56









Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;















Statistics

Time


02:37:53

Files


1209617

Folders


9690

Boot Sectors


0

Archives


425363

Packed Files


29234







Results

Identified Viruses


53

Infected Files


55

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


55







Engines Info

Virus Definitions


1021906

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


16

Archive plugins


41

Unpack plugins


7

E-mail plugins


6

System plugins


5







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta


Infected with: JS.Feebs.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip=>data.hta


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)=>message.zip


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)=>[Subject: Hi][Date: Tue, 5 Dec 2006 09:48:14 +0000]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 12467)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)


Infected with: Generic.Trojan.Phish.C316548C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21078)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)


Infected with: Generic.Trojan.Phish.31926682

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21619)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)


Infected with: Generic.Trojan.Phish.2556E52A

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21776)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)


Infected with: Generic.Trojan.Phish.517F47A3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 21975)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)


Infected with: Generic.Trojan.Phish.8471D0C3

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22103)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)


Infected with: Generic.Trojan.Phish.F4426419

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22800)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)


Infected with: Generic.Trojan.Phish.37BE24AF

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 22916)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)


Infected with: Generic.Trojan.Phish.591A4999

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23270)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)


Infected with: Generic.Trojan.Phish.87BAC95C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23390)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)


Infected with: Generic.Trojan.Phish.8128FD57

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23428)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)


Infected with: Generic.Trojan.Phish.0C8DCC41

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23653)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)


Infected with: Generic.Trojan.Phish.A9EA141C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23807)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)


Infected with: Generic.Trojan.Phish.AE2E1E68

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23849)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)


Infected with: Generic.Trojan.Phish.0378CEC0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 23935)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)


Infected with: Generic.Peed.Eml.F2A622C5

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 44346)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)


Infected with: Generic.Peed.Eml.AB14D021

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 45708)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)


Infected with: Generic.Peed.Eml.AF385539

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 46305)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)


Infected with: Generic.Peed.Eml.B8D10211

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47650)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)


Infected with: Generic.Peed.Eml.89CE16D0

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 47812)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)


Infected with: Generic.Peed.Eml.CE2BACC6

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48025)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)


Infected with: Generic.Peed.Eml.23861448

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 48905)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)


Infected with: Generic.Peed.Eml.6CA65881

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49010)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)


Infected with: Generic.Peed.Eml.B39036DB

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49305)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)


Infected with: Generic.Peed.Eml.F67C2584

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49332)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)


Infected with: Generic.Peed.Eml.F269C4D4

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 49673)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)


Infected with: Generic.Peed.Eml.F4EF7ACC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50475)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)


Infected with: Generic.Peed.Eml.7CC973B9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50833)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)


Infected with: Generic.Peed.Eml.BB34CDC2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 50891)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)


Infected with: Generic.Peed.Eml.C12ECC42

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 51491)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)


Infected with: Generic.Peed.Eml.560F0A0C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52751)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)


Infected with: Generic.Peed.Eml.80F4FA95

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52784)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)


Infected with: Generic.Peed.Eml.FB203BF2

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52806)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)


Infected with: Generic.Peed.Eml.1FEC2028

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52831)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)


Infected with: Generic.Peed.Eml.B7F0CD66

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52886)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)


Infected with: Generic.Peed.Eml.253E3303

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52914)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)


Infected with: Generic.Peed.Eml.3FE02C4C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52927)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)


Infected with: Generic.Peed.Eml.05DB912C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52953)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)


Infected with: Generic.Peed.Eml.1F749599

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52969)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)


Infected with: Generic.Peed.Eml.2861DFB9

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 52986)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)


Infected with: Generic.Peed.Eml.A664632C

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53050)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)


Infected with: Generic.Peed.Eml.40AD57CC

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53061)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)


Infected with: Generic.Peed.Eml.D96FB8ED

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53083)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)


Infected with: Generic.Peed.Eml.4AF23649

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 53125)


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf


Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)=>report.2007.10.26.4956295.pdf


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)=>[Subject: Statement of retained earnings][Date: Sat, 27 Oct 2007 18:14:06 -0500]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 76522)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf


Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)=>report.2007.10.29.6837501.pdf


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)=>[Subject: Statement of cash flows][Date: Mon, 29 Oct 2007 14:38:33 -0300]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77107)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf


Infected with: Exploit.PDF-URI.Gen

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf


Disinfection failed

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)=>report.2007.10.29.5976708.pdf


Deleted

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)=>[Subject: Credit sheet][Date: Mon, 29 Oct 2007 23:57:11 +0200]=>(MIME part)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox=>(message 77152)


Updated

C:\Documents and Settings\elsa\Application Data\Thunderbird\Profiles\qj6fleck.default\Mail\Local Folders\Inbox


Updated

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)


Detected with: Application.VTesttool.A

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 2)


Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)


Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)


Detected with: Application.VTesttool.B

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 3)


Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)


Update failed

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)


Detected with: Application.VTesttool.C

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)=>(Instyler Module 4)


Deleted

C:\Documents and Settings\bertrand\Mes documents\Divers\setup.exe=>(Instyler o)


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)


Infected with: Generic.Peed.Eml.F12161EF

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 32876)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)


Infected with: Generic.Peed.Eml.F9DDC72C

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 40716)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)


Infected with: Generic.Peed.Eml.3E1CBA4A

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 42122)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)


Infected with: Generic.Peed.Eml.02B200C1

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43077)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)


Infected with: Generic.Peed.Eml.99D861C7

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)


Disinfection failed

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox=>(message 43582)


Deleted

C:\Documents and Settings\bertrand\Application Data\Thunderbird\Profiles\heglr0md.default\Mail\Local Folders\Inbox


Update failed






- le rapport hitjacthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:43, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Basta Computing\Buzof\Buzof.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\American Systems\EZ Macros\EZMacros.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Buzof.lnk = C:\Program Files\Basta Computing\Buzof\Buzof.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

28 réponses

Précédent
  • 1
  • 2
Réponse 21 / 28
bboule22
 
Bonjour jlpjlp,

j'espère que tu vas bien.

Je suis très contente de mon nouveau pare-feu (armor on line).

Je reviens à toi afin de finaliser encore quelques points qui restent en suspend :

- comment désinstaller complètement ez macro ? (cf messages précédents : il reste 3 fichiers dont l'application principale que je n'arrive pas à supprimer.


--------------------------------------------------------

- j'ai remarqué que j'ai encore quelques fichiers résidus de symantec (un norton désintallé depuis 18 mois). Comment m'en débarrasser complètement ?

--------------------------------------------------------

j'ai entendu parlé de "drop my rights", un utilitaire qui permet de surfer sans les droits administrateurs. Qu'en penses-tu ? C'est fiable ? utile ? si oui, peux-tu me conseiller un lien ?

--------------------------------------------------------

Merci encore pour ton aide et des conseils avisés.

Dans l'attente de ta réponse.
0
Réponse 22 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
- comment désinstaller complètement ez macro ? (cf messages précédents : il reste 3 fichiers dont l'application principale que je n'arrive pas à supprimer.

tu mets les 3 fichiers dans la citation otmovit pour les virer:




télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :



clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.


--------------------------------------------------------

- j'ai remarqué que j'ai encore quelques fichiers résidus de symantec (un norton désintallé depuis 18 mois). Comment m'en débarrasser complètement ?

pour virer norton:

fais ceci
https://www.pcastuces.com/newsletter/adj/1630.htm

ou
fais ceci

https://forum.zebulon.fr/topic/73027-supprimer-norton/

ou ceci:

https://forum.zebulon.fr/index.php?act=ST&f=38&t=57795










--------------------------------------------------------

j'ai entendu parlé de "drop my rights", un utilitaire qui permet de surfer sans les droits administrateurs. Qu'en penses-tu ? C'est fiable ? utile ? si oui, peux-tu me conseiller un lien ?


DESOLE je ne connais pas!!
0
bboule22
 
Bonjour jlpjlp,

faut-il que je désinstalle les programmes que tu m'avais conseillé d'installer ? :
-combofix
- setup
- otmoveit
etc

Puis-je nettoyer mon bureau ?

merci encore pour ton aide, dans l'attente de ta réponse.

NB1 : j'ai toujours beaucoup de lenteur (uc utilisée en permanence à 100% et je ne peux pas faire les mises à jour d'antivir)

NB2 : pour "drop my rights", j'ai retrouvé, c'était sur le site, voilà le lien , ca peux t'intéresser : http://www.commentcamarche.net/faq/sujet 8052 mode administrateur ou utilisateur sous xp
0
Réponse 23 / 28
bboule22
 
Bonjour jlpjlp,

Je reviens à toi car j'ai à nouveau un problème :
- mon ordi est d'une lenteur totalement allucinante (c'est à peine si j'arrive à t'écrire) !
- je n'arrive pas à faire la mise à jour d'antivir

Je reviens juste de vacances, j'avais lancé une défrag pendant mon absence et déconnecté ma livebox.

Merci de ton aide.
0
Réponse 24 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
tu peux virer les logiciels que je t'ai fais utiliser . Pour antivir tu à téléchargé la version 8 sortie ce mois ci ? Si c'est pas le cas vire antivir et installe la version 8
0
bboule22
 
Bonjour,

effectivement j'ai la version 7. je désinstalle et je réinstalle la nouvelle version et je te tiens au courant.

pou supprimer les programmes, je supprime manuellement les fichiers et les dossiers quand ils n'apparaissent pas dans "ajout/suppression de programmes" ?

Sinon, j'envisage peut etre de faire un formatage , mon pc rame vraiment trop... je me renseigne car je n'ai jamais faiit ca (post dans le forum windows).
0
bboule22
 
Re,

Oh la la ! j'ai désinstallé la version 7 et j'ai installé la version 8 (prenium) mais je ne peux scanner : j'ai un message "license file is available, but no valid license" !!! ????? ce serait une version de démo mais j'ai peur qu'elle ne soit pas active.

Que dois-je faire ??? c'est vraiment problématique.

Merci pour ta réponse.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
il faut que tu mette la version d'antivir gratuite et non une des versions payantes proposées
0
bboule22
 
Re,

J'ai finalement trouvé un tutorial sur le site d'espion3004 : en fait il faut demander un numéro de license pour avoir la version, à priori complete, mais pendant 6 mois. Apres c'est payant.
parce qu'en version 8, qui vient de sortir, c'est antivir prenium, et non antivir personnal firewall...
à moins que tu aie un lien vers une autre version 8....

En tout cas, même avec cette version, je n'arrive toujiours pas à faire les mises à jour...il parait que les serveurs de mise à jour sont trop sollicités, mais quand même...
et il y a une partie du programme qui devrait être active et qui ne l'est pas (mailguard) sans compter que mon centre de secvurite windows me dit que mon antivirus est perimé ! je ne sais pas quoi en penser... et toi ?

Sinon peux tu me dire si je dois supprimer manuellement les programmes comme combofix, OTmoveit, etc.... ?
0
Réponse 26 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
il faut que tu mette la version d'antivir gratuite et non une des versions payantes proposées
0
bboule22
 
Re,

J'ai finalement trouvé un tutorial sur le site d'espion3004 : en fait il faut demander un numéro de license pour avoir la version, à priori complete, mais pendant 6 mois. Apres c'est payant.
parce qu'en version 8, qui vient de sortir, c'est antivir prenium, et non antivir personnal firewall...
à moins que tu aie un lien vers une autre version 8....

En tout cas, même avec cette version, je n'arrive toujiours pas à faire les mises à jour...il parait que les serveurs de mise à jour sont trop sollicités, mais quand même...
et il y a une partie du programme qui devrait être active et qui ne l'est pas (mailguard) sans compter que mon centre de secvurite windows me dit que mon antivirus est perimé ! je ne sais pas quoi en penser... et toi ?

Sinon peux tu me dire si je dois supprimer manuellement les programmes comme combofix, OTmoveit, etc.... ?
0
Réponse 27 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
1/ tu peux utiliser toolsclean pour virer ce que je t'ai fais mettre (combofix....)

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner



2/ pour antivir 8: la premiere mise a jour est longue et demande parfois d'essayer plusieurs fois puis apres c'est bon!




pour protéger gratos ton ordi

https://www.commentcamarche.net/telecharger/ 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT

+

SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf
0
bboule22
 
Bonjour jlpjlp,

Merci pour ta réponse.

1- POUR ANTIVIR V8 je n'arrive toujours pas à faire la mise à jour, et ce n'est pas faute d'essayer. en fait l'updater.exe mets un temps monstre à s'ouvrir (quand il daigne bien s'ouvrir) et généralement se bloque tout seul (ne répond plus) ; j'ai alors un mal de chien à le fermer....

2- Que penses tu du fait que mon UC est utilisée en permanence à 100% même après une défrag ?
0
Réponse 28 / 28
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_____________

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_____________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses
Virus non détecté par mon anti-virus ?
F2L -
cabrier -

12 réponses
mustapha
mustapha -
Ainillia -

1 réponse