vanessa03

quelle rapidité, merci je fais ce que tu me proposes car j'ai encore des soucis (antivir se désactive au démarrage). voici le rapport : Logfile of HijackThis v1.99.1 Scan saved at 23:15:54, on 20/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\Winampa.exe C:\Apps\ActivBoard\TrayMon.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\HijackThis\Vanessa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Mémento.lnk = C:\quickenw\billmind.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: officejet 6100.lnk = ? O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Bonjour Bruce lee, merci beaucoup pour ton aide précieuse; voici les rapports : y-a-t-il encore des problèmes ? HKU\S-1-5-21-874574627-809299238-1685927933-1007\Software\Surfairy -> Adware.Surfairy : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Proprietaire\Cookies\proprietaire@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@casinotropez[2].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@com[2].txt -> TrackingCookie.Com : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@gator[1].txt -> TrackingCookie.Gator : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@ehg-francetelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@ivwbox[1].txt -> TrackingCookie.Ivwbox : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@paycounter[1].txt -> TrackingCookie.Paycounter : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.qksrv[2].txt -> TrackingCookie.Qksrv : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@realmedia[1].txt -> TrackingCookie.Realmedia : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@realmedia[2].txt -> TrackingCookie.Realmedia : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@trafficmp[2].txt -> TrackingCookie.Trafficmp : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@netbooster.weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@x10[2].txt -> TrackingCookie.X10 : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 21:00:45, on 20/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\HijackThis\Vanessa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Mémento.lnk = C:\quickenw\billmind.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: officejet 6100.lnk = ? O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Bonjour, quelqu'un peut-il analyser les rapports ci-dessous et m'indiquer la marche à suivre pour éradiquer les virus et autres malware ? Merci par avance, vanessa Logfile of HijackThis v1.99.1 Scan saved at 10:16:10, on 19/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\HijackThis\Vanessa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Surfairy - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - C:\Program Files\Surfairy\SurfairyHlp.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Mémento.lnk = C:\quickenw\billmind.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: officejet 6100.lnk = ? O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe AntiVir PersonalEdition Classic Report file date: lundi 19 février 2007 09:01 Scanning for 674037 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (plain) [5.1.2600] Username: Proprietaire Computer name: VANESSA Version information: BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00 AVSCAN.EXE : 7.0.3.5 208936 Bytes 18/02/2007 22:43:43 AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:22 LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:46 LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:22 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:06 ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 12/01/2007 22:43:45 ANTIVIR2.VDF : 6.37.1.85 598016 Bytes 14/02/2007 22:43:45 ANTIVIR3.VDF : 6.37.1.110 41984 Bytes 18/02/2007 22:43:45 AVEWIN32.DLL : 7.3.1.37 2306560 Bytes 18/02/2007 22:43:46 AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:44 AVREP.DLL : 6.37.1.100 1142824 Bytes 18/02/2007 22:43:45 AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:31 AVPACK32.DLL : 7.2.0.5 368680 Bytes 23/10/2006 15:21:31 AVREG.DLL : 7.0.1.2 30760 Bytes 18/02/2007 22:43:43 NETNT.DLL : No Information! RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:26 RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Skipped archive types............: BSD Mailbox, Netscape/Mozilla Mailbox, Eudora Mailbox, Squid cache, Pegasus Mailbox, MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Different risk categories........: +GAME,+JOKE,+SPR, Start of the scan: lundi 19 février 2007 09:01 The scan of running processes will be started Scan process 'avscan.exe' - '1' Modules have been scanned Scan process 'hpgs2wnf.exe' - '1' Modules have been scanned Scan process 'helpsvc.exe' - '1' Modules have been scanned Scan process 'avcenter.exe' - '1' Modules have been scanned Scan process 'explorer.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'lsass.exe' - '1' Modules have been scanned Scan process 'services.exe' - '1' Modules have been scanned Scan process 'winlogon.exe' - '1' Modules have been scanned Scan process 'csrss.exe' - '1' Modules have been scanned Scan process 'smss.exe' - '1' Modules have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 29 files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\pagefile.sys [WARNING] The file could not be opened! C:\APPS\HOMEPAGE\HOMEPGUI.EXE [DETECTION] Contains signature of the joke program JOKE/Scary.H [iNFO] The file was deleted! C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\5O8V5XK1\mastaporn2[1].exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\J9QVGQE0\sodofever1[1].exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\SLU7C5IN\mastaanal2[1].exe [DETECTION] Contains signature of the dial-up program DIAL/Generic [iNFO] The file was deleted! C:\Program Files\Surfairy\SurfairyHlp.dll [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '464b6129.qua'! C:\WINDOWS\RESTORE.ins [0] Archive type: ARJ --> C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE [DETECTION] Contains signature of the SPR/PsKill.A.13 program [iNFO] The file was deleted! C:\WINDOWS\system\RESTORE.ins [0] Archive type: ARJ --> C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE [DETECTION] Contains signature of the SPR/PsKill.A.13 program [iNFO] The file was deleted! End of the scan: lundi 19 février 2007 09:54 Used time: 53:06 min The scan has been done completely. 3761 Scanning directories 169996 Files were scanned 7 viruses and/or unwanted programs were found 6 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 169989 Files not concerned 6336 Archives were scanned 1 Warnings 0 Notes