virus VBS:malware(gen)
Forum Sécurité - Virus : virus VBS:malware(gen)
bonjour, avast détecte sur mon pc un virus. Il est mentionné ainsi: VBS:malware(gen).
J'ai suivi les instructions données à angelo7 (hijackthis v.1.99.1 téléchargé et lancé).
J'ai fait le scan et voici le résultat:
Logfile of HijackThis v1.99.1
Scan saved at 14:22:11, on 27/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Hiajckthis\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 195.158.172.121 www.google.de
O1 - Hosts: 195.158.172.121 google.de
O1 - Hosts: 195.158.172.121 googl.de
O1 - Hosts: 195.158.172.121 www.googl.de
O1 - Hosts: 195.158.172.121 www.google.at
O1 - Hosts: 195.158.172.121 google.at
O1 - Hosts: 195.158.172.121 www.google.ch
O1 - Hosts: 195.158.172.121 google.ch
O1 - Hosts: 195.158.172.121 www.google.nl
O1 - Hosts: 195.158.172.121 google.nl
O1 - Hosts: 195.158.172.121 www.google.se
O1 - Hosts: 195.158.172.121 google.se
O1 - Hosts: 195.158.172.121 www.googl.at
O1 - Hosts: 195.158.172.121 googl.at
O1 - Hosts: 195.158.172.121 www.googl.ch
O1 - Hosts: 195.158.172.121 googl.ch
O1 - Hosts: 195.158.172.121 www.googl.nl
O1 - Hosts: 195.158.172.121 googl.nl
O1 - Hosts: 195.158.172.121 www.googl.se
O1 - Hosts: 195.158.172.121 googl.se
O1 - Hosts: 195.158.172.121 auto.search.msn.de
O1 - Hosts: 66.249.85.99 http://www.google.de/intl/de/ads/
O1 - Hosts: 66.249.85.99 http://www.google.de/imghp?hl=de&tab=wi
O1 - Hosts: 66.249.85.99 http://groups.google.de/grphp?hl=de&tab=wg
O1 - Hosts: 66.249.85.99 http://www.google.de/dirhp?hl=de&tab=wd
O1 - Hosts: 66.249.85.99 http://news.google.de/nwshp?hl=de&tab=wn
O1 - Hosts: 66.249.85.99 http://froogle.google.de/frghp?hl=de&tab=wf
O1 - Hosts: 66.249.85.99 http://www.google.de/intl/de/options/
O1 - Hosts: 66.249.85.99 http://www.google.de/advanced_search?hl=de
O1 - Hosts: 66.249.85.99 http://www.google.de/preferences?hl=de
O1 - Hosts: 66.249.85.99 http://www.google.de/language_tools?hl=de
O1 - Hosts: 66.249.85.99 http://www.google.de/services/
O1 - Hosts: 66.249.85.99 http://www.google.de/intl/de/about.html
O1 - Hosts: 66.249.85.99 http://www.google.com/ncr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D'avance merci pour vos réponses...
Télécharge, installe et mets à jour ewido
http://www.infos-du-net.com/telech [...] Suite.html
Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
Lance ewido (Scan complet du système) et supprime tout ce qu'il trouve. Sauvegarde le rapport sur le bureau.
Redémarre normalement et poste le rapport d'ewido et un nouveau Log HJT
J'ai suivi tes conseils: j'ai fait un scan avec ewido puis avec hijackthis.
Voici les rapports:
1/EWIDO:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 11:39:31, 01/03/2006
+ Somme de contrôle: D71D1034
+ Résultats du scan:
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@adtech[2].txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@ivwbox[1].txt -> TrackingCookie.Ivwbox : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@msnuk.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@wreport.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Cookies\naudet stéphane@yadro[1].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Local Settings\Temp\Répertoire temporaire 1 pour Act Of War - Direct Action en français 1.0 + crack (Napster13 PC Tuning).zip\Act Of War - Direct Action\Crack\ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Local Settings\Temp\Répertoire temporaire 2 pour Act Of War - Direct Action en français 1.0 + crack (Napster13 PC Tuning).zip\Act Of War - Direct Action\Crack\ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Nettoyer et sauvegarder
C:\Documents and Settings\NAUDET Stéphane\Mes documents\Mes Jeux\Act Of War - Direct Action en français 1.0 + crack (Napster13 PC Tuning)\Act Of War - Direct Action\Crack\ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Nettoyer et sauvegarder
::Fin du rapport
2/HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 13:14:15, on 01/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Hiajckthis\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 195.158.172.121 www.google.de
O1 - Hosts: 195.158.172.121 google.de
O1 - Hosts: 195.158.172.121 googl.de
O1 - Hosts: 195.158.172.121 www.googl.de
O1 - Hosts: 195.158.172.121 www.google.at
O1 - Hosts: 195.158.172.121 google.at
O1 - Hosts: 195.158.172.121 www.google.ch
O1 - Hosts: 195.158.172.121 google.ch
O1 - Hosts: 195.158.172.121 www.google.nl
O1 - Hosts: 195.158.172.121 google.nl
O1 - Hosts: 195.158.172.121 www.google.se
O1 - Hosts: 195.158.172.121 google.se
O1 - Hosts: 195.158.172.121 www.googl.at
O1 - Hosts: 195.158.172.121 googl.at
O1 - Hosts: 195.158.172.121 www.googl.ch
O1 - Hosts: 195.158.172.121 googl.ch
O1 - Hosts: 195.158.172.121 www.googl.nl
O1 - Hosts: 195.158.172.121 googl.nl
O1 - Hosts: 195.158.172.121 www.googl.se
O1 - Hosts: 195.158.172.121 googl.se
O1 - Hosts: 195.158.172.121 auto.search.msn.de
O1 - Hosts: 66.249.85.99 http://www.google.de/intl/de/ads/
O1 - Hosts: 66.249.85.99 http://www.google.de/imghp?hl=de&tab=wi
O1 - Hosts: 66.249.85.99 http://groups.google.de/grphp?hl=de&tab=wg
O1 - Hosts: 66.249.85.99 http://www.google.de/dirhp?hl=de&tab=wd
O1 - Hosts: 66.249.85.99 http://news.google.de/nwshp?hl=de&tab=wn
O1 - Hosts: 66.249.85.99 http://froogle.google.de/frghp?hl=de&tab=wf
O1 - Hosts: 66.249.85.99 http://www.google.de/intl/de/options/
O1 - Hosts: 66.249.85.99 http://www.google.de/advanced_search?hl=de
O1 - Hosts: 66.249.85.99 http://www.google.de/preferences?hl=de
O1 - Hosts: 66.249.85.99 http://www.google.de/language_tools?hl=de
O1 - Hosts: 66.249.85.99 http://www.google.de/services/
O1 - Hosts: 66.249.85.99 http://www.google.de/intl/de/about.html
O1 - Hosts: 66.249.85.99 http://www.google.com/ncr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Qu'est-ce que tu en penses?
D'avance merci.
Il y a 1477 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
