Votre question

[résolu] Messenger virus

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
25 Mars 2008 21:43:42

[#ffff00]
Bonsoir à tous,

j'ai été infecté par le fameux virus circulant sur messenger et je cherche de l'aide pour m'en débarasser.

J'ai lu quelques sujets et j'ai déja téléchargé msfix et hijackthis, mais sans rien tenter car j'ai peur de faire une connerie.

Merci à ceux qui pourront me venir en aide...

Autres pages sur : resolu messenger virus

a b 8 Sécurité
25 Mars 2008 21:54:36

Bonjour,

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
25 Mars 2008 22:18:57

Bonsoir,
voici le rapport de msnfix

MSNFix 1.690

C:\Documents and Settings\David\Bureau\MSNFix
Fix exécuté le 25/03/2008 - 21:56:09,90 By David
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\winboot.exe
... C:\DOCUME~1\David\LOCALS~1\Temp\MyPhoto*.zip
... C:\DOCUME~1\David\LOCALS~1\Temp\removalfile.bat
... C:\WINDOWS\cookies.ini

************************ Recherche les dossiers présents

... \TEMP\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\David\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\DOCUME~1\David\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\winboot.exe
/!\ ... C:\DOCUME~1\David\LOCALS~1\Temp\MyPhoto*.zip
.. OK ... C:\DOCUME~1\David\LOCALS~1\Temp\removalfile.bat
.. OK ... C:\WINDOWS\cookies.ini


************************ Suppression des dossiers

.. OK ... \TEMP\
.. OK ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\David\LOCALS~1\Temp\MyPhoto*.zip



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\setupfre.exe] 0C82D327DA8F1B164190F9F0FDE659C1

==> SVP merci d'envoyer le fichier C:\DOCUME~1\David\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 25032008_22091189.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Merci
Contenus similaires
a b 8 Sécurité
26 Mars 2008 14:21:36

T'es un homonyme :D 

CECI EST UNE ETAPE IMPORTANTE A REALISER ![/#f]
Upload l'archive Upload_Me.zip contenant les fichiers suspects afin de développer l'outil MSNFix.
AIDE : Upload des fichiers supects pour MSNFix

&

Télécharge puis installe Hijackthis ([#ff0000]Trend Micro
).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
26 Mars 2008 19:11:46

Bonjour,
ci-dessous le rapport de hijachthis

Logfile of HijackThis v1.99.1
Scan saved at 19:10:48, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [BM8f95c03a] Rundll32.exe "C:\WINDOWS\system32\pmbohtem.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/z...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Merci
a b 8 Sécurité
26 Mars 2008 19:16:00

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    26 Mars 2008 20:36:00

    Re,

    voici le rapport de Combofix

    ComboFix 08-03-25.4 - David 2008-03-26 20:24:28.2 - NTFSx86
    Endroit: C:\Documents and Settings\David\Bureau\combofix.exe
    .
    -- Script messages for sUBs --
    Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
    GREP -Eisf temp00
    VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Claude\err.log
    C:\Documents and Settings\Claude\ResErrors.log
    C:\Documents and Settings\David\err.log
    C:\Documents and Settings\David\ResErrors.log
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\David\Application Data\DriveCleaner Free
    C:\Documents and Settings\David\Application Data\DriveCleaner Free\Logs\update.log
    C:\Program Files\Fichiers communs\drivecleaner free
    C:\Program Files\Fichiers communs\drivecleaner free\trz14.tmp
    C:\WINDOWS\BM8f95c03a.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\jboefsdy.dll
    C:\WINDOWS\system32\jjkkj.ini
    C:\WINDOWS\system32\jjkkj.ini2
    C:\WINDOWS\system32\jkkjj.dll
    C:\WINDOWS\system32\jkkLDUkl.dll
    C:\WINDOWS\system32\MabryObj.dll
    C:\WINDOWS\system32\mljkjih.dll
    C:\WINDOWS\system32\rsbnvccb.dll
    C:\WINDOWS\system32\xohkwolb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-26 19:38 . 2008-03-26 19:38 268 --ah----- C:\sqmdata09.sqm
    2008-03-26 19:38 . 2008-03-26 19:38 244 --ah----- C:\sqmnoopt09.sqm
    2008-03-25 22:03 . 2008-03-25 22:03 244 --ah----- C:\sqmnoopt08.sqm
    2008-03-25 22:03 . 2008-03-25 22:03 232 --ah----- C:\sqmdata08.sqm
    2008-03-25 21:20 . 2008-03-25 21:20 244 --ah----- C:\sqmnoopt07.sqm
    2008-03-25 21:20 . 2008-03-25 21:20 232 --ah----- C:\sqmdata07.sqm
    2008-03-25 21:08 . 2008-03-25 21:08 130 --a------ C:\WINDOWS\cookies.MSNFix
    2008-03-25 20:44 . 2008-03-26 18:37 1,519,591 ---hs---- C:\WINDOWS\system32\tbrncjqg.ini
    2008-03-25 20:39 . 2008-03-25 20:39 268 --ah----- C:\sqmdata06.sqm
    2008-03-25 20:39 . 2008-03-25 20:39 244 --ah----- C:\sqmnoopt06.sqm
    2008-03-22 15:31 . 2008-03-22 15:31 268 --ah----- C:\sqmdata05.sqm
    2008-03-22 15:31 . 2008-03-22 15:31 244 --ah----- C:\sqmnoopt05.sqm
    2008-03-22 09:35 . 2008-03-25 20:35 1,580,349 ---hs---- C:\WINDOWS\system32\cgfwpdbx.ini
    2008-03-21 15:08 . 2008-03-22 09:33 1,539,796 ---hs---- C:\WINDOWS\system32\kmvklbtg.ini
    2008-03-21 15:06 . 2008-03-21 15:06 1,539,736 ---hs---- C:\WINDOWS\system32\KRAcKkkj.ini
    2008-03-19 19:18 . 2008-03-19 16:10 82,432 --a------ C:\WINDOWS\system32\winboot.MSNFix

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-26 19:20 --------- d-----w C:\Program Files\Wanadoo
    2008-03-14 20:28 --------- d-----w C:\Documents and Settings\David\Application Data\Skype
    2008-03-01 15:10 --------- d-----w C:\Program Files\IncrediMail
    2007-09-10 09:00 65,928 -c--a-w C:\Documents and Settings\Claude\Application Data\GDIPFONTCACHEV1.DAT
    2006-12-31 00:30 65,928 -c--a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]
    2002-05-03 13:27 81920 --a------ C:\Program Files\Surfairy\SurfairyHlp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "nwiz"="nwiz.exe" [2002-02-01 17:46 303104 C:\WINDOWS\system32\nwiz.exe]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43 35328]
    "ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 17:51 192512]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01 155648]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008]
    "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" [ ]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-10-18 09:45 26112]
    "ActivSurf"="C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2002-10-18 09:42 16384]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 21:37 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39 77824]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
    "BM8f95c03a"="C:\WINDOWS\system32\pmbohtem.dll" [ ]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-02-12 19:38:13 110592]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-21 03:48:21 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkjih]
    mljkjih.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
    R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 05:41]
    R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-03-01 04:22]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-03-01 04:22]
    S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-09-10 19:09]
    S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 15:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05a642c8-a02a-11dc-821f-0010dc739e03}]
    \Shell\AutoRun\command - D:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-26 19:08:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 20:31:04
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-26 20:35:35
    ComboFix-quarantined-files.txt 2008-03-26 19:35:30
    .
    2008-03-14 20:33:48 --- E O F ---


    Merci
    a b 8 Sécurité
    26 Mars 2008 20:55:29

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\tbrncjqg.ini
    C:\WINDOWS\system32\cgfwpdbx.ini
    C:\WINDOWS\system32\kmvklbtg.ini
    C:\WINDOWS\system32\KRAcKkkj.ini
    C:\WINDOWS\system32\winboot.MSNFix
    C:\WINDOWS\system32\pmbohtem.dll

    Folder::
    C:\Program Files\Surfairy

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM8f95c03a"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkjih]


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    26 Mars 2008 21:29:16

    il n'y a pas eu de redémarrage.

    Voici le rapport de Combofix :

    ComboFix 08-03-25.4 - David 2008-03-26 21:16:38.3 - NTFSx86
    Endroit: C:\Documents and Settings\David\Bureau\combofix.exe
    Command switches used :: C:\Documents and Settings\David\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\system32\cgfwpdbx.ini
    C:\WINDOWS\system32\kmvklbtg.ini
    C:\WINDOWS\system32\KRAcKkkj.ini
    C:\WINDOWS\system32\pmbohtem.dll
    C:\WINDOWS\system32\tbrncjqg.ini
    C:\WINDOWS\system32\winboot.MSNFix
    .
    -- Script messages for sUBs --
    Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
    GREP -Eisf temp00
    VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Surfairy
    C:\Program Files\Surfairy\Readme_fr.txt
    C:\Program Files\Surfairy\SurfairyFilter.dll
    C:\Program Files\Surfairy\SurfairyHlp.dll
    C:\Program Files\Surfairy\uninst.exe
    C:\Program Files\Surfairy\win32sf32.ico
    C:\Program Files\Surfairy\win32sfh.ico
    C:\WINDOWS\system32\cgfwpdbx.ini
    C:\WINDOWS\system32\kmvklbtg.ini
    C:\WINDOWS\system32\KRAcKkkj.ini
    C:\WINDOWS\system32\tbrncjqg.ini
    C:\WINDOWS\system32\winboot.MSNFix

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-26 21:12 . 2008-03-26 21:12 268 --ah----- C:\sqmdata10.sqm
    2008-03-26 21:12 . 2008-03-26 21:12 244 --ah----- C:\sqmnoopt10.sqm
    2008-03-26 19:38 . 2008-03-26 19:38 268 --ah----- C:\sqmdata09.sqm
    2008-03-26 19:38 . 2008-03-26 19:38 244 --ah----- C:\sqmnoopt09.sqm
    2008-03-25 22:03 . 2008-03-25 22:03 244 --ah----- C:\sqmnoopt08.sqm
    2008-03-25 22:03 . 2008-03-25 22:03 232 --ah----- C:\sqmdata08.sqm
    2008-03-25 21:20 . 2008-03-25 21:20 244 --ah----- C:\sqmnoopt07.sqm
    2008-03-25 21:20 . 2008-03-25 21:20 232 --ah----- C:\sqmdata07.sqm
    2008-03-25 21:08 . 2008-03-25 21:08 130 --a------ C:\WINDOWS\cookies.MSNFix
    2008-03-25 20:39 . 2008-03-25 20:39 268 --ah----- C:\sqmdata06.sqm
    2008-03-25 20:39 . 2008-03-25 20:39 244 --ah----- C:\sqmnoopt06.sqm
    2008-03-22 15:31 . 2008-03-22 15:31 268 --ah----- C:\sqmdata05.sqm
    2008-03-22 15:31 . 2008-03-22 15:31 244 --ah----- C:\sqmnoopt05.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-26 20:12 --------- d-----w C:\Program Files\Wanadoo
    2008-03-14 20:28 --------- d-----w C:\Documents and Settings\David\Application Data\Skype
    2008-03-01 15:10 --------- d-----w C:\Program Files\IncrediMail
    2007-09-10 09:00 65,928 -c--a-w C:\Documents and Settings\Claude\Application Data\GDIPFONTCACHEV1.DAT
    2006-12-31 00:30 65,928 -c--a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "nwiz"="nwiz.exe" [2002-02-01 17:46 303104 C:\WINDOWS\system32\nwiz.exe]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43 35328]
    "ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2002-06-19 17:51 192512]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01 155648]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008]
    "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" [ ]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-10-18 09:45 26112]
    "ActivSurf"="C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2002-10-18 09:42 16384]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 21:37 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39 77824]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-02-12 19:38:13 110592]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-21 03:48:21 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38]
    R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 05:41]
    R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-03-01 04:22]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-03-01 04:22]
    S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-09-10 19:09]
    S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 15:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05a642c8-a02a-11dc-821f-0010dc739e03}]
    \Shell\AutoRun\command - D:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-26 20:08:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 21:22:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-26 21:26:29
    ComboFix-quarantined-files.txt 2008-03-26 20:26:13
    ComboFix2.txt 2008-03-26 19:35:36
    .
    2008-03-14 20:33:48 --- E O F ---


    Et voici celui de Hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 21:28:43, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\David\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/z...
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

    Merci et bon courage
    a b 8 Sécurité
    26 Mars 2008 22:01:19

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    27 Mars 2008 21:03:59

    Bonjour,

    voici le rapport de Malwarebyte

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 556

    Type de recherche: Examen complet (A:\|C:\|)
    Eléments examinés: 115865
    Temps écoulé: 34 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\syswebtelecom.syswebtelecom (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{efb22865-f3bc-4309-adfa-c8e078a7f762} (Dialer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{efb22865-f3bc-4309-adfa-c8e078a7f762} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{639581d0-8376-4073-b73b-45993fa45156} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{66b0c472-a6b5-4e86-8330-f4875af90929} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Merci
    a b 8 Sécurité
    27 Mars 2008 22:03:21

    Reposte un rapport Hijackthis.
    27 Mars 2008 22:10:21

    Rapport hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 22:10:09, on 27/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\David\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/z...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

    28 Mars 2008 15:55:36

    Bonjour,

    voici le rapport d'antivir



    AntiVir PersonalEdition Classic
    Report file date: vendredi 28 mars 2008 14:42

    Scanning for 1169405 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MAISON

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:39:59
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 13:39:59
    ANTIVIR3.VDF : 7.0.3.91 14336 Bytes 28/03/2008 13:39:59
    AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 28/03/2008 13:40:00
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 28/03/2008 13:40:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 28 mars 2008 14:42

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'osd.exe' - '1' Module(s) have been scanned
    Scan process 'backWeb-4448364.exe' - '1' Module(s) have been scanned
    Scan process 'realplay.exe' - '1' Module(s) have been scanned
    Scan process 'Traymon.exe' - '1' Module(s) have been scanned
    Scan process 'vcsplay.exe' - '1' Module(s) have been scanned
    Scan process 'MMKeybd.exe' - '1' Module(s) have been scanned
    Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'vcssecs.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CDANTSRV.EXE' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'nhksrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    51 processes with 51 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '41' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\David\Bureau\Upload_Me.zip
    [0] Archive type: ZIP
    --> DOCUME~1/David/Bureau/Upload_Me/MyPhoto012.zip
    [1] Archive type: ZIP
    --> MyPhoto012.JPEG-www.facebook.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> DOCUME~1/David/Bureau/Upload_Me/MyPhoto015.zip
    [1] Archive type: ZIP
    --> MyPhoto015.JPEG-www.myspace.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> DOCUME~1/David/Bureau/Upload_Me/MyPhoto12.zip
    [1] Archive type: ZIP
    --> MyPhoto12.JPEG-ScannedByMsn.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> DOCUME~1/David/Bureau/Upload_Me/MyPhoto25.zip
    [1] Archive type: ZIP
    --> MyPhoto25.JPEG-ScannedByMsn.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> DOCUME~1/David/Bureau/Upload_Me/winboot.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4858f754.qua'!
    C:\Documents and Settings\David\Bureau\MSNFix\25032008_22091189.zip
    [0] Archive type: ZIP
    --> backup/MyPhoto012.zip
    [1] Archive type: ZIP
    --> MyPhoto012.JPEG-www.facebook.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backup/MyPhoto015.zip
    [1] Archive type: ZIP
    --> MyPhoto015.JPEG-www.myspace.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backup/MyPhoto12.zip
    [1] Archive type: ZIP
    --> MyPhoto12.JPEG-ScannedByMsn.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backup/MyPhoto25.zip
    [1] Archive type: ZIP
    --> MyPhoto25.JPEG-ScannedByMsn.com
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backup/winboot.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481cf72d.qua'!
    C:\QooBox\Quarantine\catchme2008-03-26_201248.34.zip
    [0] Archive type: ZIP
    --> jkkjj.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '486100cb.qua'!
    C:\QooBox\Quarantine\C\Program Files\Surfairy\SurfairyHlp.dll.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '485f00e7.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjj.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '485800e4.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mljkjih.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '485700e6.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\rsbnvccb.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '484f00ed.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\winboot.MSNFix.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '485b00e4.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP660\A0136747.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481e00e5.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP661\A0136787.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481e00e9.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP661\A0136805.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481e00ea.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP661\A0136835.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481e00ec.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP662\A0136868.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481e00f1.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP662\A0136873.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '49629b8a.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP662\A0136875.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481e00f2.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP662\A0136876.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '49629b8b.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP662\A0136889.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '481e00f3.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP662\A0136890.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '49629b8c.qua'!
    C:\System Volume Information\_restore{7265F08E-C4A2-4810-8702-9D6FA7B23363}\RP663\A0136986.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '481e00fa.qua'!


    End of the scan: vendredi 28 mars 2008 15:49
    Used time: 1:07:19 min

    The scan has been done completely.

    5342 Scanning directories
    213166 Files were scanned
    25 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    19 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    213141 Files not concerned
    6410 Archives were scanned
    2 Warnings
    0 Notes

    Merci
    a b 8 Sécurité
    28 Mars 2008 18:47:53

    Reposte un rapport Hijackthis.
    28 Mars 2008 19:13:22

    Voici le rapport Hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 19:12:51, on 28/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\David\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/z...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

    Merci
    a b 8 Sécurité
    28 Mars 2008 21:00:22

    Tu as encore des soucis ?
    28 Mars 2008 21:04:27

    En fait je n'ai pas essayé de me reconnecter à Messenger, mais je vais le faire. En tout cas, je trouve que ma machine tourne plus vite qu'avant.

    Merci pour tout, c'est un réel plaisir de traiter avec vous.

    Je n'hésiterai pas à vous recontacter en cas de problème

    Encore merci
    a b 8 Sécurité
    28 Mars 2008 21:07:18

    Tiens moi au courant.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS