Ultimate Fixer 2007

30 May 2007 05:43:15

Hello! I have a problem with the software mentioned above, Ultimate Fixer. It installed itself, and on top of that it won't uninstall. It also keeps nagging me to buy it.

Any help would be welcome.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:38:04, on 2007-05-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
G:\Programmes\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\System32\WF2K.EXE
G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Programmes\logitech\iTouch\iTouch.exe
G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
G:\Programmes\Picasa2\PicasaMediaDetector.exe
G:\Programmes\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\programmes\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
G:\Programmes\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\gpcfkxgj.exe
C:\WINDOWS\system32\stcheck32.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
G:\Programmes\Nikon\PictureProject\NkbMonitor.exe
G:\Programmes\PhotoWise\quicklnk.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
G:\Programmes\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
G:\Programmes\HP\Digital Imaging\bin\hpqgalry.exe
G:\PROGRA~1\msoffice\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Programmes\eBay\Turbo Lister2\tl.exe
C:\Documents and Settings\Daniel G\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {2B8D11C6-9417-B296-AA79-09C2093684ED} - C:\WINDOWS\system32\nwfiqjk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5baaa4ba-1dd2-11b2-ada1-a63effca8258} - C:\WINDOWS\system32\5F5cKO5H.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] "rundll32.exe" wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Programmes\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] G:\Programmes\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] "G:\Programmes\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eBayToolbar] "G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\programmes\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Programmes\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [gpcfkxgj.exe] C:\WINDOWS\system32\gpcfkxgj.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\system32\stcheck32.exe
O4 - HKLM\..\Run: [vsbylqxi.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PhotoWise QuickLink.lnk = G:\Programmes\PhotoWise\quicklnk.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programmes\msoffice\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = G:\Programmes\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Programmes\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = G:\Programmes\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Programmes\logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://G:\Programmes\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLau...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_P...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredete...
O16 - DPF: {CA8A9780-280D-11CF-A24D-444553540000} (Adobe PDF Reader) - http://activex.microsoft.com/objects/ocget.dll
O18 - Protocol: bw+0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - G:\Programmes\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 23762 bytes

What's the next step? Thanks!

30 May 2007 11:31:30

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy and paste that report into your next reply, along with a new HijackThis log.


Also do this. Download SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip it to the Desktop.
Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1.
Post the report.

31 May 2007 21:55:59

Hello!

Here is the ComboFix report:

"Daniel G" - 2007-05-31 15:28:29 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Daniel G\Bureau\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\install.log"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))


2007-05-30 15:47 <REP> d-------- C:\WINDOWS\DINC0000
2007-05-27 21:54 <REP> d--hs---- C:\FOUND.000
2007-05-24 18:56 <REP> d-------- C:\DOCUME~1\DANIEL~1\Contacts
2007-05-21 06:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\eBay
2007-05-20 01:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
2007-05-20 01:02 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-05-20 00:58 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-05-20 00:58 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-19 16:47 3,712 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-19 15:25 164 --a------ C:\install.dat
2007-05-19 15:23 <REP> d-------- C:\DOCUME~1\DANIEL~1\APPLIC~1\GetRightToGo
2007-05-19 13:41 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-19 13:02 <REP> d-------- C:\Program Files\Enigma Software Group
2007-05-16 18:03 <REP> d-------- C:\DOCUME~1\Nikita\APPLIC~1\Ultimate Fixer
2007-05-12 12:56 <REP> d-------- C:\Program Files\Ultimate Fixer
2007-05-11 00:55 <REP> d-------- C:\Program Files\Ultimate Cleaner
2007-05-08 09:45 64,000 --a------ C:\sderqe32.exe
2007-05-08 09:45 46,080 --a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\vsbylqxi.exe
2007-04-23 06:13 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-23 06:13 <REP> d-------- C:\Program Files\Trend Micro
2007-04-15 02:02 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-09 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-04-05 23:21 86,528 --a------ C:\WINDOWS\system32\kibnaab.dll
2007-04-05 23:21 46,080 --a------ C:\WINDOWS\system32\asdjhweq.exe
2007-04-05 23:21 262,144 --a------ C:\WINDOWS\system32\stcheck32.exe
2007-04-05 23:21 <REP> d-------- C:\WINDOWS\system32\noblfbbd
2007-04-05 23:20 54,272 --a------ C:\WINDOWS\system32\gpcfkxgj.exe
2007-04-04 17:46 <REP> d-------- C:\DOCUME~1\Nikita\APPLIC~1\MailFrontier
2007-04-02 18:57 <REP> d-------- C:\DOCUME~1\William\APPLIC~1\MailFrontier


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 02:23:50 65,354 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-21 02:23:50 448,116 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 11:13:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-31 02:48:38 512 ----a-w C:\ScanSectorLog.dat
2007-03-31 02:16:12 -------- d-----w C:\DOCUME~1\DANIEL~1\APPLIC~1\MailFrontier
2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-09 04:03:06 42,648 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-03-09 04:03:04 54,936 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2007-03-09 04:02:58 22,168 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-03-09 04:02:58 18,072 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-03-09 04:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe
2007-03-09 04:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}=G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll [2007-05-02 18:41]
{2B8D11C6-9417-B296-AA79-09C2093684ED}=C:\WINDOWS\system32\nwfiqjk.dll []
{53707962-6F74-2D53-2644-206D7942484F}=G:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5baaa4ba-1dd2-11b2-ada1-a63effca8258}=C:\WINDOWS\system32\5F5cKO5H.dll []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-19 23:56]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG.exe" [2002-07-02 19:46 C:\WINDOWS\system32\TCAUDIAG.EXE]
"nForce Tray Options"="sstray.exe" [2002-11-13 03:34 C:\WINDOWS\system32\sstray.exe]
"WinFast2KLoadDefault"="rundll32.exe" [2004-08-19 19:10 C:\WINDOWS\system32\rundll32.exe]
"WinFast Schedule"="G:\Programmes\WinFast\WFTVFM\WFWIZ.exe" [2003-03-27 18:35]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"zBrowser Launcher"="G:\Programmes\logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"EM_EXEC"="G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 09:50]
"Picasa Media Detector"="G:\Programmes\Picasa2\PicasaMediaDetector.exe" [2006-12-11 20:36]
"HP Software Update"="G:\Programmes\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"eBayToolbar"="G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-05-02 18:43]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"QuickTime Task"="G:\programmes\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="G:\Programmes\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"vsbylqxi.exe"="C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe" [2007-05-08 09:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]
"LDM"="\Program\" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 19:06]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-03-20 00:12:40 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-31 15:32:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-31 15:32:16
C:\ComboFix-quarantined-files.txt ... 2007-05-31 15:32

--- E O F ---
31 May 2007 22:01:04

Here is the Hijack report now:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:41:38, on 2007-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
G:\Programmes\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\System32\WF2K.EXE
G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Programmes\logitech\iTouch\iTouch.exe
G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
G:\Programmes\Picasa2\PicasaMediaDetector.exe
G:\Programmes\HP\HP Software Update\HPWuSchd2.exe
G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\programmes\QuickTime\qttask.exe
G:\Programmes\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\gpcfkxgj.exe
C:\WINDOWS\system32\stcheck32.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
G:\Programmes\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
G:\Programmes\PhotoWise\quicklnk.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
G:\Programmes\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel G\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {2B8D11C6-9417-B296-AA79-09C2093684ED} - C:\WINDOWS\system32\nwfiqjk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5baaa4ba-1dd2-11b2-ada1-a63effca8258} - C:\WINDOWS\system32\5F5cKO5H.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [WinFast2KLoadDefault] "rundll32.exe" wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Programmes\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] G:\Programmes\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] "G:\Programmes\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eBayToolbar] "G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\programmes\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Programmes\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [vsbylqxi.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PhotoWise QuickLink.lnk = G:\Programmes\PhotoWise\quicklnk.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programmes\msoffice\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = G:\Programmes\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Programmes\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = G:\Programmes\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Programmes\logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://G:\Programmes\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLau...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_P...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredete...
O16 - DPF: {CA8A9780-280D-11CF-A24D-444553540000} (Adobe PDF Reader) - http://activex.microsoft.com/objects/ocget.dll
O18 - Protocol: bw+0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - G:\Programmes\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 23205 bytes
31 May 2007 22:05:51

And now the SmitFraudFix report

SmitFraudFix v2.183

Rapport fait à 16:03:51,01, 2007-05-31
Executé à partir de C:\Documents and Settings\Daniel G\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
G:\Programmes\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\System32\WF2K.EXE
G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Programmes\logitech\iTouch\iTouch.exe
G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
G:\Programmes\Picasa2\PicasaMediaDetector.exe
G:\Programmes\HP\HP Software Update\HPWuSchd2.exe
G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\programmes\QuickTime\qttask.exe
G:\Programmes\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\gpcfkxgj.exe
C:\WINDOWS\system32\stcheck32.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
G:\Programmes\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
G:\Programmes\PhotoWise\quicklnk.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
G:\Programmes\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel G


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel G\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DANIEL~1\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Motorola SURFboard SB5100 USB Cable Modem - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{83DB9852-3938-484D-9B9D-9CA8265FA42E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83DB9852-3938-484D-9B9D-9CA8265FA42E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83DB9852-3938-484D-9B9D-9CA8265FA42E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

31 May 2007 23:23:59

Good evening

Part of the procedure will take place without internet access, so please print these instructions, or paste them into a text file, to read during this disinfection.
The steps must be carried out without interruption and in order.
If you don't understand something, ask for an explanation before you start.

1 Download
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.

AVG Anti-Spyware
http://www.ewido.net/en/download/
Install it.
Launch AVG Anti-Spyware and click the Update (Mise à jour) button. Wait.


2 Restart in safe mode. Note that you have no internet access in this mode, so take careful note of what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the cursor keys, select Safe Mode (Mode sans échec) and press Enter.


3 Run a HijackThis scan again and check the lines below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B8D11C6-9417-B296-AA79-09C2093684ED} - C:\WINDOWS\system32\nwfiqjk.dll (file missing)
O2 - BHO: (no name) - {5baaa4ba-1dd2-11b2-ada1-a63effca8258} - C:\WINDOWS\system32\5F5cKO5H.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "G:\Programmes\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\programmes\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vsbylqxi.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Microsoft Office.lnk = G:\Programmes\msoffice\Office10\OSA.EXE
O4 - Global Startup: HP Image Zone Fast Start.lnk = G:\Programmes\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Programmes\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Programmes\logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Act [...] uncher.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/ac [...] 0-3-36.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/p [...] r37380.cab
O16 - DPF: {CA8A9780-280D-11CF-A24D-444553540000} (Adobe PDF Reader) - http://activex.microsoft.com/objects/ocget.dll
O18 - Protocol: bw+0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82FBA1EA-F575-48DD-A824-04418FA63C66} - G:\Programmes\logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Close all Windows, Internet Explorer and Outlook windows, except HijackThis, and click "Fix checked".


4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Enable: Show hidden files and folders
Disable: Hide extensions for known file types
Disable: Hide protected operating system files
Then Apply



5 Uninstall these applications (if you find them) in Add or Remove Programs:

Ultimate Fixer
Ultimate Cleaner


6 Delete the offending files/folders (if they still exist):

C:\Program Files\Ultimate Fixer
C:\Program Files\Ultimate Cleaner
C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe
C:\WINDOWS\system32\gpcfkxgj.exe
C:\WINDOWS\system32\stcheck32.exe
C:\WINDOWS\system32\kibnaab.dll
C:\WINDOWS\system32\asdjhweq.exe
C:\WINDOWS\system32\noblfbbd
C:\sderqe32.exe

Hide the system files again, to avoid mistakes in future, by selecting the option not to show hidden files or system files.


7 Run a cleanup with CCleaner.


8 Run AVG Anti-Spyware.
Click the Scan button (in the toolbar).
Then, on the How to react tab, click Recommended actions. Select Quarantine.
Return to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.


9 Restart normally and post a new HijackThis log together with the AVG Anti-Spyware report
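
Added example, not part of the original post: step 9 asks for a fresh HijackThis log, and this Python sketch checks such a log for any running process or autostart entry that still points at a path from step 6. The two log excerpts are constructed from lines shown on this page, except the `[constructed-example]` Run entry, which is made up to exercise the entry check; the function names are the example's own.

```python
import re

# Files and folders listed in step 6 of the post above (copied from this page).
STEP6_TARGETS = [
    r"C:\Program Files\Ultimate Fixer",
    r"C:\Program Files\Ultimate Cleaner",
    r"C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe",
    r"C:\WINDOWS\system32\gpcfkxgj.exe",
    r"C:\WINDOWS\system32\stcheck32.exe",
    r"C:\WINDOWS\system32\kibnaab.dll",
    r"C:\WINDOWS\system32\asdjhweq.exe",
    r"C:\WINDOWS\system32\noblfbbd",
    r"C:\sderqe32.exe",
]

# HijackThis entry lines start with a section code such as "R1", "O4" or "O23".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def mentions(line, target):
    """True if `line` names `target` itself or something beneath it.

    Windows paths are case-insensitive, so both sides are lower-cased.
    A hit is rejected when the next character is alphanumeric, so
    "...\\Ultimate Fixer2" does not count as "...\\Ultimate Fixer".
    Limitation: 8.3 short names (PROGRA~1) are not expanded.
    """
    hay, needle = line.lower(), target.lower()
    start = hay.find(needle)
    while start != -1:
        end = start + len(needle)
        if not hay[end:end + 1].isalnum():
            return True
        start = hay.find(needle, start + 1)
    return False


def find_leftovers(log_text, targets=STEP6_TARGETS):
    """Return (section, log line, matched target) for every remaining reference."""
    processes, entries = parse_hijackthis(log_text)
    hits = []
    for path in processes:
        hits += [("process", path, t) for t in targets if mentions(path, t)]
    for code, body in entries:
        hits += [(code, body, t) for t in targets if mentions(body, t)]
    return hits


# Constructed excerpt: process lines as in the first log on this page; the
# "[constructed-example]" Run entry is made up for the demonstration.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:38:04, on 2007-05-29

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\gpcfkxgj.exe
C:\WINDOWS\system32\stcheck32.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\vsbylqxi.exe

O4 - HKLM\..\Run: [constructed-example] "C:\WINDOWS\System32\GPCFKXGJ.EXE" /start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed excerpt of the follow-up log (lines as they appear on this page).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:10:41, on 2007-06-03

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        hits = find_leftovers(log)
        print(f"{name}: {len(hits)} reference(s) to step 6 paths")
        for section, line, target in hits:
            print(f"  [{section}] {line}")
```

An empty result only means the log no longer references the listed paths; files that are neither running nor registered for autostart do not appear in a HijackThis log at all.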
4 June 2007 03:21:26

Good evening!

By the way, I followed your instructions, and there seems to be a change. Thanks!

So here is the new Hijack report, and the AVG report follows right after it:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:10:41, on 2007-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
G:\Programmes\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TCAUDIAG.exe
C:\WINDOWS\system32\sstray.exe
G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Programmes\logitech\iTouch\iTouch.exe
G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
G:\Programmes\Picasa2\PicasaMediaDetector.exe
G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Programmes\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Programmes\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
G:\Programmes\Nikon\PictureProject\NkbMonitor.exe
G:\Programmes\PhotoWise\quicklnk.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Daniel G\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - G:\Programmes\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [WinFast2KLoadDefault] "rundll32.exe" wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] G:\Programmes\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Programmes\logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] G:\PROGRA~1\logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] G:\Programmes\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [eBayToolbar] "G:\Programmes\eBay\eBay Toolbar2\eBayTBDaemon.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Programmes\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PhotoWise QuickLink.lnk = G:\Programmes\PhotoWise\quicklnk.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = G:\Programmes\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &eBay Search - res://G:\Programmes\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Programmes\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Programmes\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - G:\Programmes\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 10038 bytes

and now the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:38:51 2007-06-02

+ Résultat de l'analyse:



C:\Documents and Settings\Nikita\Application Data\Microsoft\Internet Explorer\Quick Launch\Start UltimateFixer 2007.lnk -> Adware.RogueSuspect : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Nikita\Application Data\Ultimate Fixer -> Adware.RogueSuspect : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Nikita\Application Data\Ultimate Fixer\backup -> Adware.RogueSuspect : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Nikita\Application Data\Ultimate Fixer\logs -> Adware.RogueSuspect : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Nikita\Application Data\Ultimate Fixer\settings.dat -> Adware.RogueSuspect : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-725345543-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CFE6652-47C3-474E-AC6D-29A293473512}\RP1045\A0193110.exe -> Adware.Ultimate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CFE6652-47C3-474E-AC6D-29A293473512}\RP1045\A0193111.exe -> Adware.Ultimate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{3CFE6652-47C3-474E-AC6D-29A293473512}\RP1045\A0193112.exe -> Adware.UltimateDefender : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Nikita\Cookies\nikita@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\William\Cookies\william@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\William\Cookies\william@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@web2.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Nikita\Cookies\nikita@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{3CFE6652-47C3-474E-AC6D-29A293473512}\RP1045\A0193104.exe -> Trojan.Obfuscated.ev : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport


4 June 2007 10:49:31

Hello


HijackThis is clean.

Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click Start Online Scanner.
Select My Computer as the scan target.
Paste its report here.
5 June 2007 03:53:57

Hello

Here now is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, June 04, 2007 11:27:46 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 4/06/2007
Enregistrements dans la base antivirus Kaspersky : 317130
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Statistiques de l'analyse:
Total d'objets analysés: 141153
Nombre de virus trouvés: 4
Nombre d'objets infectés: 50 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:08:01

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\nwfiqjk.dll.bak Infecté : Trojan.Win32.Obfuscated.ev ignoré
C:\WINDOWS\Temp\ZLT05b44.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT05b47.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\fwpktlog.txt L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\DANIEL.ldb L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\fwdbglog.txt L'objet est verrouillé ignoré
C:\WINDOWS\mssys.com/DROP.EXE Infecté : Trojan-Dropper.DOS.Rute ignoré
C:\WINDOWS\mssys.com Mail: infecté - 1 ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.001\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT.001\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT.001\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\NTUSER.DAT.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\Local Settings\Temp\Perflib_Perfdata_a50.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Dossiers d'archivage/Éléments envoyés/13 Jul 2005 03:20 from Daniel Gosselin:Fw: YOUR PAYPAL.COM ACCOU/www.paypal.zl6.zlq Infecté : Email-Worm.Win32.Mimail.i ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infecté - 1 ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Ebay.dbx/[From aw-confirm@ebay.com][Date Fri, 08 Apr 2005 19:09:43 -0700]/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Ebay.dbx Mail MS Outlook 5: infecté - 1 ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From tjwilson@telusplanet.net][Date Mon, 04 Apr 2005 23:07:35 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From tjwilson@telusplanet.net][Date Mon, 04 Apr 2005 23:07:35 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From cburgin@bigpond.com][Date Mon, 11 Apr 2005 05:56:18 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From cburgin@bigpond.com][Date Mon, 11 Apr 2005 05:56:18 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From dsonesheets@gmail.com][Date Sat, 23 Apr 2005 18:00:29 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From dsonesheets@gmail.com][Date Sat, 23 Apr 2005 18:00:29 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From miraalavie@hotmail.com][Date Sun, 24 Apr 2005 17:28:25 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From miraalavie@hotmail.com][Date Sun, 24 Apr 2005 17:28:25 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From dsonesheets@gmail.com][Date Sat, 23 Apr 2005 18:00:29 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From dsonesheets@gmail.com][Date Sat, 23 Apr 2005 18:00:29 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From miraalavie@hotmail.com][Date Sun, 24 Apr 2005 17:28:25 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From miraalavie@hotmail.com][Date Sun, 24 Apr 2005 17:28:25 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: bstrongspeaktru" <member@ebay.com>][Date Tue, 03 May 2005 13:12:40 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: bstrongspeaktru" <member@ebay.com>][Date Tue, 03 May 2005 13:12:40 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: vilandra02" <member@ebay.com>][Date Fri, 06 May 2005 15:32:37 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: vilandra02" <member@ebay.com>][Date Fri, 06 May 2005 15:32:37 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From louis.girard@usherbrooke.ca][Date Fri, 06 May 2005 17:54:50 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From louis.girard@usherbrooke.ca][Date Fri, 06 May 2005 17:54:50 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: lape2002" <member@ebay.com>][Date Fri, 06 May 2005 19:45:48 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: lape2002" <member@ebay.com>][Date Fri, 06 May 2005 19:45:48 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: vilandra02" <member@ebay.com>][Date Fri, 06 May 2005 15:32:37 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: vilandra02" <member@ebay.com>][Date Fri, 06 May 2005 15:32:37 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From louis.girard@usherbrooke.ca][Date Fri, 06 May 2005 17:54:50 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From louis.girard@usherbrooke.ca][Date Fri, 06 May 2005 17:54:50 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: lape2002" <member@ebay.com>][Date Fri, 06 May 2005 19:45:48 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: lape2002" <member@ebay.com>][Date Fri, 06 May 2005 19:45:48 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: killer-ed" <member@ebay.com>][Date Tue, 10 May 2005 22:09:21 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: killer-ed" <member@ebay.com>][Date Tue, 10 May 2005 22:09:21 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: leytelounge" <member@ebay.com>][Date Thu, 19 May 2005 18:04:59 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: leytelounge" <member@ebay.com>][Date Thu, 19 May 2005 18:04:59 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: bstrongspeaktru" <member@ebay.com>][Date Tue, 24 May 2005 23:03:54 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: bstrongspeaktru" <member@ebay.com>][Date Tue, 24 May 2005 23:03:54 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: 1matttec" <member@ebay.com>][Date Tue, 31 May 2005 23:41:34 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: 1matttec" <member@ebay.com>][Date Tue, 31 May 2005 23:41:34 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: sadprofessor1" <member@ebay.com>][Date Sun, 05 Jun 2005 15:13:20 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: sadprofessor1" <member@ebay.com>][Date Sun, 05 Jun 2005 15:13:20 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: leatherfacegotti" <member@ebay.com>][Date Fri, 10 Jun 2005 11:28:50 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: leatherfacegotti" <member@ebay.com>][Date Fri, 10 Jun 2005 11:28:50 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: cinema66" <member@ebay.com>][Date Fri, 10 Jun 2005 17:48:32 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: cinema66" <member@ebay.com>][Date Fri, 10 Jun 2005 17:48:32 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: ken-zo0519yumi" <member@ebay.com>][Date Sat, 11 Jun 2005 19:46:59 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx/[From "eBay Member: ken-zo0519yumi" <member@ebay.com>][Date Sat, 11 Jun 2005 19:46:59 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Documents and Settings\Daniel G\Local Settings\Application Data\Identities\{DEC59B95-7E95-49F5-904C-36F541079DB8}\Microsoft\Outlook Express\Boîte de réception.dbx Mail MS Outlook 5: infecté - 42 ignoré
C:\Documents and Settings\Daniel G\Cookies\index.dat L'objet est verrouillé ignoré
C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{3CFE6652-47C3-474E-AC6D-29A293473512}\RP1047\change.log L'objet est verrouillé ignoré
C:\itouch_crash_info.txt L'objet est verrouillé ignoré
C:\errlgr.txt L'objet est verrouillé ignoré
G:\Programmes\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
G:\Programmes\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
G:\Programmes\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
G:\Programmes\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
G:\Programmes\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
G:\Programmes\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
G:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
H:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
I:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
J:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
K:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
L:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
M:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
N:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
O:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

Analyse terminée.
5 June 2007 09:22:05

Hello

Most of the infected files are e-mails in Outlook.
Look at the report: they arrived between 13 April and 17 July 2005. Delete them.

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\nwfiqjk.dll.bak
C:\WINDOWS\mssys.com

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
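The triage described in the reply above (infected messages inside mail stores versus infected files on disk), as an added example that is not part of the original thread. The sample lines are constructed in the format of the scan report; the `.dbx`/`.pst` classification and all function names are assumptions.

```python
import re
from collections import defaultdict

# Line shapes seen in the scan report above.
INFECTED = re.compile(r"^(?P<obj>.+) Infecté : (?P<name>\S+) ignoré$")
LOCKED = re.compile(r"^.+ L'objet est verrouillé ignoré$")
SUMMARY = re.compile(r"^(?P<obj>.+?) Mail(?: [^:]+)?: infecté - (?P<n>\d+) ignoré$")
MAIL_STORES = (".dbx", ".pst")  # assumption: Outlook Express / Outlook stores

# Constructed sample (paths shortened, sender replaced by example.com).
SAMPLE = r"""
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\mssys.com/DROP.EXE Infecté : Trojan-Dropper.DOS.Rute ignoré
C:\WINDOWS\mssys.com Mail: infecté - 1 ignoré
C:\Mail\Inbox.dbx/[From a@example.com][Date Mon, 04 Apr 2005 23:07:35 -0700]/UNNAMED/text Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Mail\Inbox.dbx/[From a@example.com][Date Mon, 04 Apr 2005 23:07:35 -0700]/UNNAMED Infecté : Trojan-Spy.HTML.Bayfraud.ib ignoré
C:\Mail\Inbox.dbx Mail MS Outlook 5: infecté - 2 ignoré
""".strip()


def triage(report):
    """Split a scan report into locked files, infected files and infected mail."""
    locked = 0
    hits = defaultdict(lambda: {"names": set(), "objects": set(), "reported": None})
    for line in report.splitlines():
        line = line.strip()
        if LOCKED.match(line):
            locked += 1  # file in use during the scan, not a detection
        elif (m := INFECTED.match(line)):
            # "/" separates the container on disk from the object nested in it.
            container, _, inner = m["obj"].partition("/")
            hits[container]["names"].add(m["name"])
            # A message part (.../text) and its parent are listed separately;
            # collapse them so each message is counted once.
            hits[container]["objects"].add(inner.removesuffix("/text"))
        elif (m := SUMMARY.match(line)):
            hits[m["obj"]]["reported"] = int(m["n"])  # scanner's per-container total

    result = {"locked": locked, "files": {}, "mail": {}}
    for container, info in hits.items():
        if container.lower().endswith(MAIL_STORES):
            # Clean these from inside the mail client: delete the messages.
            result["mail"][container] = {
                "names": sorted(info["names"]),
                "messages": len(info["objects"]),
                "reported": info["reported"],
            }
        else:
            # Candidates for file-level removal or quarantine.
            result["files"][container] = sorted(info["names"])
    return result


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("locked (not detections):", r["locked"])
    for path, names in r["files"].items():
        print("file:", path, names)
    for path, info in r["mail"].items():
        print("mail store:", path, info)
```

The scanner's per-container total counts report lines, so it can exceed the number of distinct messages that actually need deleting.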
6 June 2007 03:42:30

Good evening,

here is the OTMoveIt report:

C:\WINDOWS\system32\nwfiqjk.dll.bak moved successfully.
C:\WINDOWS\mssys.com moved successfully.

Created on 06-05-2007 07:35:32

6 June 2007 22:41:56

Hello

Are you still having any malfunctions?
8 June 2007 00:17:11

Hello

I no longer get the Ultimatefixer window. I think everything seems to be sorted out.

If there are no other actions to take, we can consider my problem solved. If so, I can only thank you enormously for the help you have given me; it is much appreciated.

In that case, I should mark the message title as RÉSOLU, shouldn't I?

I won't hesitate to recommend the site and its experts.

Thanks again for your help. :)

8 June 2007 00:47:49

You're welcome

One more small thing.
Report your infection to help get the authors convicted.
Post a message on Malware-Complaints to move things forward; there need to be as many of us as possible, so report your infection:
- See the forum rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
- After registering with the button at the top labelled "Register":
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You will then see a list with one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).
Yours =
If the malware you had does not appear in the list, or if you don't know what you were infected with, post a message in the Autres infections topic that follows the forum rules (age, city, département, etc.)
Also give the name of the forum that helped you.
---> http://www.malwarecomplaints.info/viewforum.php?f=10

More information here
http://forum.zebulon.fr/index.php?showtopic=88688