[RESOLU] Virus ALERT ! - Plus de lecteur C dans explorateur Window

Wisewise3 · le 11 juin 2008

Bonjour,

suite aux différents problèmes cités dans le titre du sujet, voici ce que j'ai effectué.

Exécution de SmitFraudFix en mode Normal option 1

Démarrage en Mode Sans echec et exécution de smitFraudFix option 2 puis réponse Oui à toutes les questions. Il a redémarré en mode normal et s'est exécuté automatiquement. Ensuite les lecteurs sont revenus, plus de message Virus Alert etc. Donc symptome disparu execpté ouverture de fenetre IE sans arret.

Install ANTIVIR puis mise à jour puis scan. Il a détecté plus ou moins 70 malicieux et quarataine. Ensuite SPy Bot et là plus de symptome visible.

Je vous mets le rapport Hijack pour me confirmer que tout est correct et donc retrouvé sur une machine saine.

Merci pour votre soutient.

Bien à vous,

Wisewise3:

Logfile of HijackThis v1.99.1

Scan saved at 11:12:15, on 11/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bwgo0000b8ff.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\YesMessenger\YesMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Documents and Settings\Propriétaire\Bureau\Smitfraudfix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: nmwegbsf - {56C2F96A-004F-46AD-AA6A-747E0235430C} - C:\WINDOWS\nmwegbsf.dll (file missing)

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\mljul1.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?fa67f3ef803f4b0cac4b278ae5670af6

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?fa67f3ef803f4b0cac4b278ae5670af6

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{08110EDC-3AAB-411B-851B-A99F2C8DFA66}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{9789D05C-BF4F-423A-B00F-AC8C36DC7F41}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{FA7D3944-2D20-4AB4-B6FC-0F032892DF86}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{08110EDC-3AAB-411B-851B-A99F2C8DFA66}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\..\{08110EDC-3AAB-411B-851B-A99F2C8DFA66}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: bw+0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {92708B3C-1A10-435E-A220-B3C3E6C8DBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: adgpfoxs - {2B43E425-70D7-4090-A036-CD3CF51E4A31} - C:\WINDOWS\adgpfoxs.dll (file missing)

O21 - SSODL: erpobmsw - {2FE9077B-3B69-4BB9-B571-80B3E1C82141} - C:\WINDOWS\erpobmsw.dll (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Modifié le 5 juillet 2008 par Wisewise3

Wisewise3 · le 12 juin 2008

Bonjour,

comme je vois pas mal de lecture mais aucune réponse à ce post, peut-être que je n'ai pas été assez claire dans ma question.

Serait il possible de voir d'après mon rapport Hijack posté ci dessu si le pc est bien nettoyé ou s'il reste des traces du virus. Si oui comment l'éradiquer à fond.

Merci pour vos réponses.

WiseWise3

Modifié le 12 juin 2008 par Wisewise3

dref01 · le 13 juin 2008

slt deja a ce que je vois il reste des bout de symantec (norton)

et charge Malware byte's ici http://www.malwarebytes.org/

c'est gratuit

mise a jour et scann

je ne suis pas un specialiste de hijack

Falkra pourras t'aider mieux que moi la dessus

oGu · le 13 juin 2008

Salut à vous!

Pas mal de fichiers infectés sur ton PC: avant de passer malwarebytes' Anti-Malware, on va cibler la désinfection.

Question préalable: est-ce toi qui a modifié tes serveurs DNS au profit d'OpenDNS?

DESACTIVER le TEA-TIMER

Ouvre Spybot
Va dans le Menu "Mode" --> "Mode avancé"
Confirme en cliquant sur le bouton "Oui".
Clique ensuite sur "Outil" dans la barre de navigation de Spybot (volet de gauche) puis sur "Résident"
Pour activer/désactiver Tea-Timer, il suffit de cocher/décocher dans le panneau central :

Résident "TeaTimer" (Protection des réglages système fondamentaux) actif.

SDFIX

Je te conseille d'imprimer cette procédure pour pouvoir la suivre hors connexion internet, une fois en Mode sans échec.

Télécharge et sauvegarde sur ton Bureau SDFix (créé par AndyManchesta), en cliquant sur cette image:

Double-clique sur SDFix.exe et choisis Install pour l'extraire à la racine de ton disque système (donc en général: C:\SDfix)

Puis fais redémarrer ton ordinateur en Mode sans échec en suivant la procédure que voici :

Fais redémarrer ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en Mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.

Suis la liste des instructions ci-dessous :

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. (nota: il se peut que l'extension .bat n'apparaisse pas et que le fichier se nomme simplement RunThis)
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour faire redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Si Sdfix ne se lance pas (ça arrive!)
- Démarrer->Exécuter
- Copie/colle ceci:
  
  %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
- Clique sur ok, et valide.
- Redémarre et essaye de nouveau de lancer SdFix.

HIJACKTHIS

Poste un nouveau rapport s'il te plaît!

Modifié le 13 juin 2008 par oGu

Wisewise3 · le 14 juin 2008

Bonjour, Merci tout d'abord pour vos réponses.

Réponseà oGu, non je n'ai rien modifié aux DNS. Le pc est connecté en sans fil au modem routeur configuré en automatique. Ce qu'il faut savoir c'est que c'est le pilote de la carte réseau sans fil Conceptronique qui gère la connexion. Peut etre ext lui qui a installé çà...?

Je fais les différentes manips et poste le rapport.

Modifié le 14 juin 2008 par Wisewise3

oGu · le 14 juin 2008

Ok. Peux-tu me dire si tu avais scanné ta machine avec un antispy avant de venir ici? Spybot par exemple? L'un de ces outils aurait-il trouvé, si tu t'en rapelles, un malware du nom de Zlob ou DNS Changer?

Merci de me signaler également quel est ton fournisseur d'accès Internet.

Modifié le 14 juin 2008 par oGu

Wisewise3 · le 14 juin 2008

Oui j'avais fait Spybot mais je ne me souviens plus si dns changer était là

Le dns de mon fournisseur d'accè est SKYNET (Belgique). Leur dns sont 195.238.2.21 - 195.238.2.22

autre petite chose le scroll de la souris ne fonctionne pas.sais pas si lié

Voici le rapport de sd fix

SDFix: Version 1.192

Run by Propri‚taire on sam. 14/06/2008 at 13:54

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

Rebooting

Checking Files :

Trojan Files Found:

C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted

C:\Program Files\Antivirus 2008 PRO\zlib.dll - Deleted

C:\WINDOWS\search_res.txt - Deleted

Folder C:\Program Files\Antivirus 2008 PRO - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-14 14:02:36

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\Fichiers communs\\Adobe\\ESD\\AdobeDownloadManager.exe"="C:\\Program Files\\Fichiers communs\\Adobe\\ESD\\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"

"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"

"C:\\Program Files\\Alturion\\Alturion GPS Professional\\Alturion GPS.exe"="C:\\Program Files\\Alturion\\Alturion GPS Professional\\Alturion GPS.exe:*:Enabled:Alturion GPS"

"C:\\Program Files\\TomTom HOME\\TomTomHOME.exe"="C:\\Program Files\\TomTom HOME\\TomTomHOME.exe:*:Enabled:TomTom HOME"

"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"G:\\PSP\\COMMON\\incredimail_install.exe"="G:\\PSP\\COMMON\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"

"C:\\Documents and Settings\\Propri‚taire\\Local Settings\\Temp\\Fichiers Internet temporaires\\Content.IE5\\T7QWHPV8\\magentic_install[1].exe"="C:\\Documents and Settings\\Propri‚taire\\Local Settings\\Temp\\Fichiers Internet temporaires\\Content.IE5\\T7QWHPV8\\magentic_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\\WINDOWS\\system32\\CIMSVR.exe"="C:\\WINDOWS\\system32\\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"

"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"

"C:\\Documents and Settings\\Propri‚taire\\Bureau\\virtualdj.exe"="C:\\Documents and Settings\\Propri‚taire\\Bureau\\virtualdj.exe:*:Disabled:VirtualDJ"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 25 Mar 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Mon 16 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 2 Mar 2008 502 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti5C.tmp"

Mon 18 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"

Fri 28 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ae860fd60a382fd2b289abdbf216cb6\BITB.tmp"

Wed 16 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8d0fb3dfb1397854f41adc7b8c40808\BIT9.tmp"

Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b97f707102320016c4550fd76521b339\BITC.tmp"

Fri 11 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\be56f980fe363bd251a94e272f8d4fe1\BIT21.tmp"

Sun 6 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c42e5a57b972ba4bae3a501d96be8ffc\BITC.tmp"

Mon 16 Oct 2006 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Mon 6 Nov 2006 20 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Mon 16 Oct 2006 9,655 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!

et voici celui de Hijack

Logfile of HijackThis v1.99.1

Scan saved at 14:18:27, on 14/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bwgo000cdb61.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\YesMessenger\YesMessenger.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe