Help, virus!!!

Closed
delf'anita Posts 3 Registration date Wednesday 16 January 2008 Status Member Last activity 16 January 2008 - 16 Jan. 2008 at 17:45
roxypoupette Posts 620 Registration date Thursday 27 December 2007 Status Member Last activity 23 September 2017 - 16 Jan. 2008 at 17:47
Hello,
Anyway, to sum up, I unfortunately opened the wretched file DSC01497.zip, and within the following 5 seconds I realized it was a virus. I reacted right away and closed MSN. I even deleted ALL of MSN, including registry keys, sharing folder, etc. I searched for the infected file and deleted it immediately. It is no longer on my PC.

Anyway, 36 hours later, and after many, many searches, runs of BitDefender, Ad-Aware (found nothing), CCleaner, Spybot (found nothing) and MSNFix, and a few file backups... All that's left for me to do is run HijackThis... done!! Report at the end of the post.

I have understood almost everything, but I am asking for help to be sure I do things in the right order (it's about time, since I have already done loads of things) ;o)

BitDefender finds a virus, trojan.peed.gen, in c:\windows\system32\dllcache\spoolms.exe, which cannot be deleted and which MSNFix does not find.
BitDefender finds lots of infected messages in Thunderbird's Junk folder. (It's true that I have had a storage problem for a few weeks... I wanted to remove it after exporting my address books, but the uninstall file cannot be found, even with CCleaner.) I don't dare remove it the brute-force way by deleting the folders directly. What do you think?

WARNING: for fear that spoolms.exe might do damage, I stopped its process in the file manager.

MSNFix tells me I am infected, but I can't find anything in its report.

MSNFix 1.629

C:\msnfix\MSNFix
Fix exécuté le 16/01/2008 - 7:16:55,39 By Administrateur mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\DSC01497.zip
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\DSC01497.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 16012008_ 8005389.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

1- The very first BitDefender report showed me

Scanned File
Status

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 755)=>[Subject: ][Date: Tue, 01 Nov 2005 09:01:40 -0600]=>(MIME part)=>Info_prices.zip=>1.exe
Infected with: Win32.Bagle.EI@mm
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 755)=>[Subject: ][Date: Tue, 01 Nov 2005 09:01:40 -0600]=>(MIME part)=>Info_prices.zip=>1.exe
Deleted
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 755)=>[Subject: ][Date: Tue, 01 Nov 2005 09:01:40 -0600]=>(MIME part)=>Info_prices.zip
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 755)=>[Subject: ][Date: Tue, 01 Nov 2005 09:01:40 -0600]=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 755)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1004)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Tue, 22 Nov 2005 21:53:31 +0100]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1004)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Tue, 22 Nov 2005 21:53:31 +0100]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1004)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Tue, 22 Nov 2005 21:53:31 +0100]=>(MIME part)=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1004)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Tue, 22 Nov 2005 21:53:31 +0100]=>(MIME part)=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1004)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Tue, 22 Nov 2005 21:53:31 +0100]=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1004)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1095)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 25 Nov 2005 18:17:27 +0100]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1095)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 25 Nov 2005 18:17:27 +0100]=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1095)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 25 Nov 2005 18:17:27 +0100]=>(MIME part)=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1095)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 25 Nov 2005 18:17:27 +0100]=>(MIME part)=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1095)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Fri, 25 Nov 2005 18:17:27 +0100]=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1095)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1097)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Sat, 26 Nov 2005 09:28:37 +0100]=>(MIME part)=>(MIME part)=>(message body)
Infected with: Exploit.Iframe.Vulnerability.B
Disinfection failed
Deleted
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1097)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Sat, 26 Nov 2005 09:28:37 +0100]=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1097)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1727)=>[Subject: Registration Confirmation][Date: Thu, 29 Dec 2005 14:36:52 GMT]=>(MIME part)=>reg_pass-data.zip
Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1727)=>[Subject: Registration Confirmation][Date: Thu, 29 Dec 2005 14:36:52 GMT]=>(MIME part)=>reg_pass-data.zip
Deleted
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1727)=>[Subject: Registration Confirmation][Date: Thu, 29 Dec 2005 14:36:52 GMT]=>(MIME part)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1727)
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1778)=>[Subject: Registration Confirmation][Date: Mon, 02 Jan 2006 15:48:46 GMT]=>(MIME part)=>reg_pass-data.zip
Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1778)=>[Subject: Registration Confirmation][Date: Mon, 02 Jan 2006 15:48:46 GMT]=>(MIME part)=>reg_pass-data.zip
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1778)=>[Subject: Registration Confirmation][Date: Mon, 02 Jan 2006 15:48:46 GMT]=>(MIME part)
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1778)
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1799)=>[Subject: Registration Confirmation][Date: Tue, 03 Jan 2006 11:43:56 GMT]=>(MIME part)=>reg_pass.zip
Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1799)=>[Subject: Registration Confirmation][Date: Tue, 03 Jan 2006 11:43:56 GMT]=>(MIME part)=>reg_pass.zip
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1799)=>[Subject: Registration Confirmation][Date: Tue, 03 Jan 2006 11:43:56 GMT]=>(MIME part)
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 1799)
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 6245)=>[Subject: =?iso-8859-1?Q?Message_infect=E9_:_Fw:][Date: 23 Jun 2006 21:15:45 -0000]=>(MIME part)=>Attachments001.BHX
Infected with: Win32.Nyxem.E@mm

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 6245)=>[Subject: =?iso-8859-1?Q?Message_infect=E9_:_Fw:][Date: 23 Jun 2006 21:15:45 -0000]=>(MIME part)=>Attachments001.BHX
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 6245)=>[Subject: =?iso-8859-1?Q?Message_infect=E9_:_Fw:][Date: 23 Jun 2006 21:15:45 -0000]=>(MIME part)=>Attachments001.BHX
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 6245)=>[Subject: =?iso-8859-1?Q?Message_infect=E9_:_Fw:][Date: 23 Jun 2006 21:15:45 -0000]=>(MIME part)
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox=>(message 6245)
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Inbox
Updated

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1032)
Infected with: Generic.Peed.Eml.21B44D2A

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1032)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1032)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1069)
Infected with: Generic.Peed.Eml.5637D621

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1069)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1069)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1123)
Infected with: Generic.Peed.Eml.6D67AF8A

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1123)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1123)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1217)
Infected with: Generic.Peed.Eml.09934ADC

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1217)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1217)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1219)
Infected with: Generic.Peed.Eml.1D7AB768

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1219)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1219)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1403)
Infected with: Generic.Peed.Eml.05B8BA46

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1403)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1403)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1947)
Infected with: Generic.Peed.Eml.A3F0A6C8

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1947)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1947)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1966)
Infected with: Generic.Peed.Eml.1BD36286

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1966)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 1966)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 2114)
Infected with: Generic.Peed.Eml.68D67772

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 2114)
Disinfection failed

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk=>(message 2114)
Deleted

C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\dn66bezh.default\Mail\Local Folders\Junk
Update failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Infected with: Backdoor.Skinymes.Agent.A

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Disinfection failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\WINDOWS\system32\dllcache\spoolms.exe
Infected with: Trojan.Peed.Gen
C:\WINDOWS\system32\dllcache\spoolms.exe
Disinfection failed
C:\WINDOWS\system32\dllcache\spoolms.exe
Delete failed


C:\WINDOWS\wpi\Keygen\NAV.exe
Infected with: Packer.FSG.A

C:\WINDOWS\wpi\Keygen\NAV.exe
Disinfection failed

C:\WINDOWS\wpi\Keygen\NAV.exe
Deleted

E:\Mail\Local Folders\Junk=>(message 1032)
Infected with: Generic.Peed.Eml.21B44D2A

E:\Mail\Local Folders\Junk=>(message 1032)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1032)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1069)
Infected with: Generic.Peed.Eml.5637D621

E:\Mail\Local Folders\Junk=>(message 1069)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1069)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1123)
Infected with: Generic.Peed.Eml.6D67AF8A

E:\Mail\Local Folders\Junk=>(message 1123)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1123)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1217)
Infected with: Generic.Peed.Eml.09934ADC

E:\Mail\Local Folders\Junk=>(message 1217)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1217)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1219)
Infected with: Generic.Peed.Eml.1D7AB768

E:\Mail\Local Folders\Junk=>(message 1219)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1219)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1403)
Infected with: Generic.Peed.Eml.05B8BA46

E:\Mail\Local Folders\Junk=>(message 1403)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1403)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1947)
Infected with: Generic.Peed.Eml.A3F0A6C8

E:\Mail\Local Folders\Junk=>(message 1947)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1947)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1966)
Infected with: Generic.Peed.Eml.1BD36286
E:\Mail\Local Folders\Junk=>(message 1966)
Disinfection failed
E:\Mail\Local Folders\Junk=>(message 1966)
Deleted
E:\Mail\Local Folders\Junk
Update failed
E:\Mail\Local Folders\Junk=>(message 2114)
Infected with: Generic.Peed.Eml.68D6777
E:\Mail\Local Folders\Junk=>(message 2114)
Disinfection failed
E:\Mail\Local Folders\Junk=>(message 2114)
Deleted
E:\Mail\Local Folders\Junk
Update failed
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception=>(message 33)=>[Subject: Fitnessdesdoigts.zip][Date: Fri, 18 Mar 2005 15:55:46 +0100]=>(MIME part)=>LFFitnessdesdoigts.zip=>Fitnessdesdoigts.exe
Infected with: Joke.Buttons
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception=>(message 33)=>[Subject: Fitnessdesdoigts.zip][Date: Fri, 18 Mar 2005 15:55:46 +0100]=>(MIME part)=>LFFitnessdesdoigts.zip=>Fitnessdesdoigts.exe
Disinfection failed
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception=>(message 33)=>[Subject: Fitnessdesdoigts.zip][Date: Fri, 18 Mar 2005 15:55:46 +0100]=>(MIME part)=>LFFitnessdesdoigts.zip=>Fitnessdesdoigts.exe
Deleted
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception=>(message 33)=>[Subject: Fitnessdesdoigts.zip][Date: Fri, 18 Mar 2005 15:55:46 +0100]=>(MIME part)=>LFFitnessdesdoigts.zip
Updated
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception=>(message 33)=>[Subject: Fitnessdesdoigts.zip][Date: Fri, 18 Mar 2005 15:55:46 +0100]=>(MIME part)
Updated
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception=>(message 33)
Updated
E:\Mes Documents\Carnet adresse1\Mail\Local Folders\Boîte de réception
Updated

2- The second report (from last night) showed me

Time: 01:28:00
Files: 377220
Folders: 5255
Boot Sector: 5
Archives: 51857
Packed Files: 51962

Results
Identified Viruses: 12
Infected Files: 12
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 11

Engines Info
Virus Definitions: 890275
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\System Volume Information\_restore{1A86853A-49F9-487C-A074-ABCE7D241C98}\RP559\A0507075.exe
Infected with: Packer.FSG.A

C:\System Volume Information\_restore{1A86853A-49F9-487C-A074-ABCE7D241C98}\RP559\A0507075.exe
Disinfection failed

C:\System Volume Information\_restore{1A86853A-49F9-487C-A074-ABCE7D241C98}\RP559\A0507075.exe
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Infected with: Backdoor.Skinymes.Agent.A

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Disinfection failed

C:\WINDOWS\pack.epk=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\WINDOWS\pack.epk=>(NSIS 2g)
Update failed

C:\WINDOWS\system32\dllcache\spoolms.exe
Infected with: Trojan.Peed.Gen

C:\WINDOWS\system32\dllcache\spoolms.exe
Disinfection failed

C:\WINDOWS\system32\dllcache\spoolms.exe
Delete failed


E:\Mail\Local Folders\Junk=>(message 1032)
Infected with: Generic.Peed.Eml.21B44D2A

E:\Mail\Local Folders\Junk=>(message 1032)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1032)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1069)
Infected with: Generic.Peed.Eml.5637D621

E:\Mail\Local Folders\Junk=>(message 1069)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1069)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1123)
Infected with: Generic.Peed.Eml.6D67AF8A

E:\Mail\Local Folders\Junk=>(message 1123)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1123)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1217)
Infected with: Generic.Peed.Eml.09934ADC

E:\Mail\Local Folders\Junk=>(message 1217)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1217)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1219)
Infected with: Generic.Peed.Eml.1D7AB768

E:\Mail\Local Folders\Junk=>(message 1219)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1219)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1403)
Infected with: Generic.Peed.Eml.05B8BA46

E:\Mail\Local Folders\Junk=>(message 1403)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1403)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1947)
Infected with: Generic.Peed.Eml.A3F0A6C8

E:\Mail\Local Folders\Junk=>(message 1947)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1947)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 1966)
Infected with: Generic.Peed.Eml.1BD36286

E:\Mail\Local Folders\Junk=>(message 1966)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 1966)
Deleted

E:\Mail\Local Folders\Junk
Update failed

E:\Mail\Local Folders\Junk=>(message 2114)
Infected with: Generic.Peed.Eml.68D67772

E:\Mail\Local Folders\Junk=>(message 2114)
Disinfection failed

E:\Mail\Local Folders\Junk=>(message 2114)
Deleted

E:\Mail\Local Folders\Junk
Update failed


3- I ran HijackThis; here is the report

Logfile of HijackThis v1.99.1
Scan saved at 09:22:13, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes: (spoolms.exe does not appear because I stopped it)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hphmon04.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.veepee.fr/sorry/404.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program

Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

-CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers

communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program

Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat

7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF

- res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF

existant - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

https://www.trendmicro.com/en_us/forHome/products/housecall.html

l/xscan53.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anitaleclown.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I ran another MSNFix, downloaded from the original site, and here is the new report

MSNFix 1.631

C:\msnfix\MSNFix
Fix exécuté le 16/01/2008 - 9:44:15,87 By Administrateur
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

Aucun Fichier trouvé



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------




So there you go.

What should I do now? I DON'T DARE RESTART MY PC BECAUSE I HAVE A FEELING THAT it WON'T START AGAIN

I would gladly follow a procedure that already exists on your forum, but since MSNFix doesn't find the file... I no longer know what to do.
Many thanks

1 reply

roxypoupette Posts 620 Registration date Thursday 27 December 2007 Status Member Last activity 23 September 2017 33
16 Jan. 2008 at 17:47
try downloading SPYWARE doctor from the Google Pack, it is fairly effective