[trojan spyware] infected by Win32 and trojan

Closed
yellowfox - Posts: 1 - Registered: Tuesday 24 July 2007 - Status: Member - Last activity: 24 July 2007 - 24 Jul 2007 at 15:12
Timothé Balguerie - 24 Jul 2007 at 15:20
Hello everyone!!! I followed the usual recommendations after some sudden connection drops and my fear of having caught a trojan, and I carried out the 6 preliminary steps before creating my topic:

1/ Adaware
2/ Spybot
3/ Ewido, actually AVG Anti Spyware (and with version 7.5 it even automatically replaced my old antivirus, Antivir)
4/ CC Cleaner
5/ BitDefender online scan
6/ HijackThis

-------------------

Here are the logs:

A² (no way to install ewido):

[quote]a-squared Free - Version 2

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 23/07/2007 21:34:53


Scanned

Files: 255385
Traces: 127074
Cookies: 29
Processes: 27

Found

Files: 0
Traces: 3
Cookies: 0
Processes: 0

Scan end: 23/07/2007 23:34:45
Scan time: 01:59:52
[/quote]





BitDefender online scan:

[quote]BitDefender Online Scanner

Scan report generated at: Mon, Jul 23, 2007 - 18:40:09
Scan path: A:\;C:\;D:\;E:\;G:\;

Statistics

Time: 02:59:16
Files: 414863
Folders: 11692
Boot Sectors: 3
Archives: 30925
Packed Files: 13319

Results

Identified Viruses: 5
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9

Engines Info

Virus Definitions: 640054
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
    Status

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 158)=>[Subject: Undelivered Mail Returned to Sender][Date: Mon, 11 Apr 2005 23:25:14 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: patched][Date: Mon, 11 Apr 2005 23:25:11 +0200]=>(MIME part)=>information.zip=>archstored:details.txt .pif
    Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 158)=>[Subject: Undelivered Mail Returned to Sender][Date: Mon, 11 Apr 2005 23:25:14 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: patched][Date: Mon, 11 Apr 2005 23:25:11 +0200]=>(MIME part)=>information.zip=>archstored:details.txt .pif
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 158)=>[Subject: Undelivered Mail Returned to Sender][Date: Mon, 11 Apr 2005 23:25:14 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: patched][Date: Mon, 11 Apr 2005 23:25:11 +0200]=>(MIME part)=>information.zip
    Update failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 249)=>[Subject: Undelivered Mail Returned to Sender][Date: Mon, 2 May 2005 23:47:22 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: word document][Date: Mon, 2 May 2005 23:47:30 +0200]=>(MIME part)=>document_marguiazam.zip=>archstored:document.txt .exe
    Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 249)=>[Subject: Undelivered Mail Returned to Sender][Date: Mon, 2 May 2005 23:47:22 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: word document][Date: Mon, 2 May 2005 23:47:30 +0200]=>(MIME part)=>document_marguiazam.zip=>archstored:document.txt .exe
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 249)=>[Subject: Undelivered Mail Returned to Sender][Date: Mon, 2 May 2005 23:47:22 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: word document][Date: Mon, 2 May 2005 23:47:30 +0200]=>(MIME part)=>document_marguiazam.zip
    Update failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 275)=>[Subject: Undelivered Mail Returned to Sender][Date: Sat, 7 May 2005 19:03:48 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: Proof of concept][Date: Sat, 7 May 2005 19:03:55 +0200]=>(MIME part)=>part_01.zip=>archstored:document.txt .exe
    Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 275)=>[Subject: Undelivered Mail Returned to Sender][Date: Sat, 7 May 2005 19:03:48 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: Proof of concept][Date: Sat, 7 May 2005 19:03:55 +0200]=>(MIME part)=>part_01.zip=>archstored:document.txt .exe
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 275)=>[Subject: Undelivered Mail Returned to Sender][Date: Sat, 7 May 2005 19:03:48 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: Proof of concept][Date: Sat, 7 May 2005 19:03:55 +0200]=>(MIME part)=>part_01.zip
    Update failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 366)=>[Subject: Undelivered Mail Returned to Sender][Date: Thu, 26 May 2005 20:01:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Private document][Date: Thu, 26 May 2005 20:02:03 +0200]=>(MIME part)=>document342.zip=>archstored:data.rtf .scr
    Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 366)=>[Subject: Undelivered Mail Returned to Sender][Date: Thu, 26 May 2005 20:01:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Private document][Date: Thu, 26 May 2005 20:02:03 +0200]=>(MIME part)=>document342.zip=>archstored:data.rtf .scr
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 366)=>[Subject: Undelivered Mail Returned to Sender][Date: Thu, 26 May 2005 20:01:54 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Private document][Date: Thu, 26 May 2005 20:02:03 +0200]=>(MIME part)=>document342.zip
    Update failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 456)=>[Subject: Undelivered Mail Returned to Sender][Date: Tue, 14 Jun 2005 23:59:53 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: A!p$ghsa][Date: Tue, 14 Jun 2005 23:59:55 +0200]=>(MIME part)=>details03.zip=>archstored:document.txt .exe
    Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 456)=>[Subject: Undelivered Mail Returned to Sender][Date: Tue, 14 Jun 2005 23:59:53 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: A!p$ghsa][Date: Tue, 14 Jun 2005 23:59:55 +0200]=>(MIME part)=>details03.zip=>archstored:document.txt .exe
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 456)=>[Subject: Undelivered Mail Returned to Sender][Date: Tue, 14 Jun 2005 23:59:53 +0200 (CEST)]=>(MIME part)=>(message)=>[Subject: Re: A!p$ghsa][Date: Tue, 14 Jun 2005 23:59:55 +0200]=>(MIME part)=>details03.zip
    Update failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 901)=>[Subject: ][Date: Wed, 21 Sep 2005 09:42:41 +0800]=>(MIME part)=>price_new.zip=>06.exe
    Infected with: Win32.Bagle.JL@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 901)=>[Subject: ][Date: Wed, 21 Sep 2005 09:42:41 +0800]=>(MIME part)=>price_new.zip=>06.exe
    Disinfection failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 901)=>[Subject: ][Date: Wed, 21 Sep 2005 09:42:41 +0800]=>(MIME part)=>price_new.zip=>06.exe
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 901)=>[Subject: ][Date: Wed, 21 Sep 2005 09:42:41 +0800]=>(MIME part)=>price_new.zip
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 901)=>[Subject: ][Date: Wed, 21 Sep 2005 09:42:41 +0800]=>(MIME part)
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 901)
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 1079)=>(base64)
    Infected with: Win32.Netsky.Y@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 1079)=>(base64)
    Disinfection failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 1079)=>(base64)
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 1079)
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 2410)=>[Subject: Mail server report.][Date: :?, 22 2006 20:00:42 +0800]=>(MIME part)=>Update-KB9140-x86.exe
    Infected with: Win32.Warezov.GC@mm

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 2410)=>[Subject: Mail server report.][Date: :?, 22 2006 20:00:42 +0800]=>(MIME part)=>Update-KB9140-x86.exe
    Disinfection failed

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 2410)=>[Subject: Mail server report.][Date: :?, 22 2006 20:00:42 +0800]=>(MIME part)=>Update-KB9140-x86.exe
    Deleted

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 2410)=>[Subject: Mail server report.][Date: :?, 22 2006 20:00:42 +0800]=>(MIME part)
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox=>(message 2410)
    Updated

C:\Documents and Settings\Jean-Mi\Application Data\Thunderbird\Profiles\3ghb8vop.default\Mail\pop.free.fr\Inbox
    Updated

C:\Documents and Settings\Jean-Mi\Local Settings\Application Data\Identities\{C8F49FA7-1A37-471B-AE5A-49F0909D666A}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx=>(message 0)=>[From: Online Rx][Date: 10 Mar 2007 07:17:06 -0800]=>(MIME part)=>uima.html
    Infected with: Trojan.JS.Redirector.B

C:\Documents and Settings\Jean-Mi\Local Settings\Application Data\Identities\{C8F49FA7-1A37-471B-AE5A-49F0909D666A}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx=>(message 0)=>[From: Online Rx][Date: 10 Mar 2007 07:17:06 -0800]=>(MIME part)=>uima.html
    Disinfection failed

C:\Documents and Settings\Jean-Mi\Local Settings\Application Data\Identities\{C8F49FA7-1A37-471B-AE5A-49F0909D666A}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx=>(message 0)=>[From: Online Rx][Date: 10 Mar 2007 07:17:06 -0800]=>(MIME part)=>uima.html
    Deleted

C:\Documents and Settings\Jean-Mi\Local Settings\Application Data\Identities\{C8F49FA7-1A37-471B-AE5A-49F0909D666A}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx=>(message 0)=>[From: Online Rx][Date: 10 Mar 2007 07:17:06 -0800]=>(MIME part)
    Updated

C:\Documents and Settings\Jean-Mi\Local Settings\Application Data\Identities\{C8F49FA7-1A37-471B-AE5A-49F0909D666A}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx=>(message 0)
    Updated

C:\Documents and Settings\Jean-Mi\Local Settings\Application Data\Identities\{C8F49FA7-1A37-471B-AE5A-49F0909D666A}\Microsoft\Outlook Express\Hotmail - Courrier indésirable.dbx
    Update failed
[/quote]



And the HijackThis log:



[quote]Logfile of HijackThis v1.99.1
Scan saved at 20:24:30, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cybervulcans.net/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\Program Files\Yahoo!\Plus\search\searchbar_setup.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.trendmicro.com/en_us/forHome/products/housecall.html
O15 - Trusted Zone: https://www.bitdefender.fr/
O15 - Trusted Zone: http://*.cy
O15 - Trusted Zone: http://www.cybervulcans.net/site/
O15 - Trusted Zone: https://www.emsisoft.com/fr/
O15 - Trusted Zone: http://stphoto.ifrance.com
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O15 - Trusted Zone: http://www.poulpe.org
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://*.secuser.com
O15 - Trusted Zone: https://security.symantec.com/
O15 - Trusted Zone: https://www.trendmicro.com/fr_fr/business.html
O15 - Trusted Zone: http://techgenix.com/security/
O15 - Trusted Zone: https://www.smartphoto.fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.13/cfweb_activex.camfrogweb.com-advanced-2.0.1.13_instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[/quote]


I hope you will be able to help me, I am a real blond when it comes to computing!!! ;) :(


Thanks in advance

1 reply

Timothé Balguerie
24 Jul 2007 at 15:20
Hi, I advise you to go through the whole article on this blog to clean your PC: http://aide-windows.over-blog.com/article-11026109.html Good luck!