Can someone analyze my HijackThis log for me?
Last reply: in Security
So I find that my PC isn't in great shape and I'd like someone to tell me what my HijackThis log says and what I should do, thanks!
Logfile of HijackThis v1.99.1
Scan saved at 20:09:20, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\VundoFix.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6DD135E7-2A87-4F28-BC85-D5A89B465405} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\kullrwyh.dll",b
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9052.dat
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks in advance!
This v1.99.1
Scan saved at 20:09:20, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\VundoFix.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6DD135E7-2A87-4F28-BC85-D5A89B465405} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\kullrwyh.dll",b
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9052.dat
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks in advance!
A hello?
You've already been disinfected once...
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also saved here: C:\Combofix.txt
Sorry about the "hello"...
So then, hello!
Thanks for the reply, here is my ComboFix report:
"bertrand" - 2007-10-27 17:00:02 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\gebcy.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-09-00 to 2007-10-27 ))))))))))))))))))))))))))))))))))
2007-10-27 13:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 13:52 227 --a------ C:\WINDOWS\PowerReg.dat
2007-10-26 20:46 86,592 --a------ C:\WINDOWS\system32\obfihsux.dll
2007-10-26 20:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 20:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 20:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 19:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-26 19:36 10,816 --a------ C:\WINDOWS\system32\rbxqibso.dll
2007-10-26 19:36 10,816 --a------ C:\WINDOWS\system32\__c00C9052.dat
2007-10-21 18:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-20 18:52 75,328 --a------ C:\WINDOWS\system32\scqombfn.exe
2007-10-18 13:26 75,328 --a------ C:\WINDOWS\system32\bqflmpmt.exe
2007-10-07 19:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 17:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-10-07 17:25 75,328 --a------ C:\WINDOWS\system32\ngwiclmj.exe
2007-10-06 17:28 75,328 --a------ C:\WINDOWS\system32\ochjedrj.exe
2007-09-30 16:05 75,328 --a------ C:\WINDOWS\system32\ycsghbaf.exe
2007-09-30 12:09 967 --a------ C:\WINDOWS\ScUnin.pif
2007-09-30 12:09 70,656 --a------ C:\WINDOWS\ScUnin.exe
2007-09-30 12:09 26,357 --a------ C:\WINDOWS\scunin.dat
2007-09-29 16:08 75,328 --a------ C:\WINDOWS\system32\mteyrjwk.exe
2007-09-27 15:15 70,208 --a------ C:\WINDOWS\system32\egomvuoy.dll
2007-09-27 15:03 75,328 --a------ C:\WINDOWS\system32\pvsxrsqp.exe
2007-09-27 15:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 17:01:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-10-27 17:02:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-27 17:02
C:\ComboFix2.txt ... 2007-05-08 17:50
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 09:57:13, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\lclock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\obfihsux.dll",b
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here is the ComboFix report:
"bertrand" - 2007-10-28 20:33:15 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\"
((((((((((((((((((((((((((((((( Files Created from 2007-09-00 to 2007-10-28 ))))))))))))))))))))))))))))))))))
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 12:52 227 --a------ C:\WINDOWS\PowerReg.dat
2007-10-26 19:46 86,592 --a------ C:\WINDOWS\system32\obfihsux.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\rbxqibso.dll
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\__c00C9052.dat
2007-10-21 17:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-20 17:52 75,328 --a------ C:\WINDOWS\system32\scqombfn.exe
2007-10-18 12:26 75,328 --a------ C:\WINDOWS\system32\bqflmpmt.exe
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 16:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-10-07 16:25 75,328 --a------ C:\WINDOWS\system32\ngwiclmj.exe
2007-10-06 16:28 75,328 --a------ C:\WINDOWS\system32\ochjedrj.exe
2007-09-30 15:05 75,328 --a------ C:\WINDOWS\system32\ycsghbaf.exe
2007-09-30 11:09 967 --a------ C:\WINDOWS\ScUnin.pif
2007-09-30 11:09 70,656 --a------ C:\WINDOWS\ScUnin.exe
2007-09-30 11:09 26,357 --a------ C:\WINDOWS\scunin.dat
2007-09-29 15:08 75,328 --a------ C:\WINDOWS\system32\mteyrjwk.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 20:34:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-10-28 20:34:02
C:\ComboFix-quarantined-files.txt ... 2007-10-28 20:34
C:\ComboFix2.txt ... 2007-10-27 16:02
C:\ComboFix3.txt ... 2007-05-08 16:50
Re,
Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (Right-click/Extract all).
Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.
If a deletion error is detected, a message will appear asking you to restart the computer in order to complete the operations.
In that case, simply restart the computer manually.
Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_heure.log
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:03:43, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\obfihsux.dll",b
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:03:43, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\obfihsux.dll",b
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ComboFix log:
"bertrand" - 2007-10-29 16:19:01 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\"
((((((((((((((((((((((((((((((( Files Created from 2007-09-00 to 2007-10-29 ))))))))))))))))))))))))))))))))))
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 12:52 227 --a------ C:\WINDOWS\PowerReg.dat
2007-10-26 19:46 86,592 --a------ C:\WINDOWS\system32\obfihsux.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\rbxqibso.dll
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\__c00C9052.dat
2007-10-21 17:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-20 17:52 75,328 --a------ C:\WINDOWS\system32\scqombfn.exe
2007-10-18 12:26 75,328 --a------ C:\WINDOWS\system32\bqflmpmt.exe
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 16:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-10-07 16:25 75,328 --a------ C:\WINDOWS\system32\ngwiclmj.exe
2007-10-06 16:28 75,328 --a------ C:\WINDOWS\system32\ochjedrj.exe
2007-09-30 15:05 75,328 --a------ C:\WINDOWS\system32\ycsghbaf.exe
2007-09-30 11:09 967 --a------ C:\WINDOWS\ScUnin.pif
2007-09-30 11:09 70,656 --a------ C:\WINDOWS\ScUnin.exe
2007-09-30 11:09 26,357 --a------ C:\WINDOWS\scunin.dat
2007-09-29 15:08 75,328 --a------ C:\WINDOWS\system32\mteyrjwk.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 16:20:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-10-29 16:20:02
C:\ComboFix-quarantined-files.txt ... 2007-10-29 16:20
C:\ComboFix2.txt ... 2007-10-28 20:34
C:\ComboFix3.txt ... 2007-10-27 16:02
Re,
Is your OS pirated?
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\obfihsux.dll
C:\WINDOWS\system32\xdwobtpk.dll
C:\WINDOWS\system32\__c001C544.dat
C:\WINDOWS\system32\hhosjshq.exe
C:\WINDOWS\system32\gptsoluv.exe
C:\WINDOWS\system32\rbxqibso.dll
C:\WINDOWS\system32\__c00C9052.dat
C:\WINDOWS\system32\rlytlbcf.exe
C:\WINDOWS\system32\scqombfn.exe
C:\WINDOWS\system32\bqflmpmt.exe
C:\WINDOWS\system32\ngwiclmj.exe
C:\WINDOWS\system32\ochjedrj.exe
C:\WINDOWS\system32\ycsghbaf.exe
C:\WINDOWS\system32\mteyrjwk.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"27ea3fee"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report together with a Hijackthis report.
NOTE: If there is no restart, post the requested reports anyway.
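The CFScript above was built by hand from the "Files Created" and "Reg Loading Points" sections of the ComboFix report. As an added example (not part of the thread, and not ComboFix's own code), the Python below encodes the triage heuristics a reviewer applies to such a report: eight random lowercase letters in system32, the __c00xxxxx.dat naming, identical file sizes across successive drops, and loading points whose data references those files. It runs over a constructed excerpt of the report lines and drafts a CFScript; the Registry:: block is written in .reg syntax, which is assumed to be what ComboFix accepts.

```python
import re
from collections import Counter

# Constructed sample in the layout of a ComboFix "Files Created" section
# (date, time, size or <REP>, attributes, path); an excerpt, not a full report.
SAMPLE_FILES = r"""
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-26 19:46 86,592 --a------ C:\WINDOWS\system32\obfihsux.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-21 17:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 16:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
"""

# Constructed sample of "Reg Loading Points" lines from the same report.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
"""

FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')
RANDOM_STEM = re.compile(r"^[a-z]{8}$")                  # e.g. hhosjshq.exe
C00_DAT = re.compile(r"^__c00[0-9a-f]{5}\.dat$", re.I)   # e.g. __c001C544.dat


def parse_files(text):
    """Parse 'Files Created' lines into dicts; directories (<REP>) are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or m.group("size") == "<REP>":
            continue
        entries.append({
            "date": m.group("date"),
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"),
        })
    return entries


def suspicious_files(entries):
    """Flag system32 files matching the drop pattern seen in this report.

    Returns a list of (path, [reasons]) in the order the report lists them.
    """
    sys32 = [e for e in entries if "\\system32\\" in e["path"].lower()]
    size_counts = Counter(e["size"] for e in sys32)   # repeated exact sizes
    flagged = []
    for e in sys32:
        name = e["path"].rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        reasons = []
        if RANDOM_STEM.match(stem) and ext.lower() in ("exe", "dll"):
            reasons.append("8 random lowercase letters in system32")
            if size_counts[e["size"]] >= 2:
                reasons.append(f"size {e['size']} shared by {size_counts[e['size']]} files")
        if C00_DAT.match(name):
            reasons.append("__c00xxxxx.dat naming")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


def loading_points_for(reg_text, flagged_paths):
    """Return (key, value_name) pairs whose data references a flagged file."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in flagged_paths}
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        mk = REG_KEY.match(line)
        if mk:
            key = mk.group(1)
            continue
        mv = REG_VALUE.match(line)
        if mv and key and any(n in mv.group(2).lower() for n in names):
            hits.append((key, mv.group(1)))
    return hits


def build_cfscript(flagged, hits):
    """Draft a CFScript: File:: paths, then Registry:: value deletions.

    .reg syntax (assumed): [KEY] then "value"=- removes only that value,
    whereas [-KEY] would delete the whole key and everything under it.
    """
    lines = ["File::"] + [path for path, _ in flagged] + ["", "Registry::"]
    for key, value in hits:
        lines += [f"[{key}]", f'"{value}"=-']
    return "\n".join(lines)
```

Running `build_cfscript(flagged, loading_points_for(SAMPLE_REG, paths))` on the sample yields the six system32 drops under File:: and the "27ea3fee" Run value plus appinit_dlls under Registry::, the same items the helper listed by hand.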
What does OS mean?
Here is the Combofix report:
"bertrand" - 2007-10-29 21:42:21 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\"
Command switches used :: ""C:\Documents and Settings\bertrand\Bureau\CFScript.txt""
((((((((((((((((((((((((((((((( Files Created from 2007-09-00 to 2007-10-29 ))))))))))))))))))))))))))))))))))
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 12:52 227 --a------ C:\WINDOWS\PowerReg.dat
2007-10-26 19:46 86,592 --a------ C:\WINDOWS\system32\obfihsux.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\rbxqibso.dll
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\__c00C9052.dat
2007-10-21 17:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-20 17:52 75,328 --a------ C:\WINDOWS\system32\scqombfn.exe
2007-10-18 12:26 75,328 --a------ C:\WINDOWS\system32\bqflmpmt.exe
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 16:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-10-07 16:25 75,328 --a------ C:\WINDOWS\system32\ngwiclmj.exe
2007-10-06 16:28 75,328 --a------ C:\WINDOWS\system32\ochjedrj.exe
2007-09-30 15:05 75,328 --a------ C:\WINDOWS\system32\ycsghbaf.exe
2007-09-30 11:09 967 --a------ C:\WINDOWS\ScUnin.pif
2007-09-30 11:09 70,656 --a------ C:\WINDOWS\ScUnin.exe
2007-09-30 11:09 26,357 --a------ C:\WINDOWS\scunin.dat
2007-09-29 15:08 75,328 --a------ C:\WINDOWS\system32\mteyrjwk.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14507d38-cd9f-11db-8c14-0015f2754e47}]
Shell\AutoRun\command F:\SETUP.EXE -autorun
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c708b51b-beb5-11db-8999-806d6172696f}]
Shell\AutoRun\command E:\_AUTORUN\AUTORUN.EXE
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 21:42:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-10-29 21:42:53
C:\ComboFix-quarantined-files.txt ... 2007-10-29 21:42
C:\ComboFix2.txt ... 2007-10-29 16:20
C:\ComboFix3.txt ... 2007-10-28 20:34
Here is the Combofix report from running it with your text file:
"bertrand" - 2007-11-01 22:52:28 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\"
Command switches used :: ""C:\Documents and Settings\bertrand\Bureau\CFScript.txt""
((((((((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 ))))))))))))))))))))))))))))))))))
2007-11-01 22:51 86,592 --a------ C:\WINDOWS\system32\obfihsux.dll
2007-10-31 18:02 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-10-31 18:02 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-10-31 18:02 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-10-31 18:02 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-10-31 18:02 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-31 18:02 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 12:52 227 --a------ C:\WINDOWS\PowerReg.dat
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\rbxqibso.dll
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\__c00C9052.dat
2007-10-21 17:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-20 17:52 75,328 --a------ C:\WINDOWS\system32\scqombfn.exe
2007-10-18 12:26 75,328 --a------ C:\WINDOWS\system32\bqflmpmt.exe
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 16:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-10-07 16:25 75,328 --a------ C:\WINDOWS\system32\ngwiclmj.exe
2007-10-06 16:28 75,328 --a------ C:\WINDOWS\system32\ochjedrj.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-10-31 17:03:25 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-10-28 08:58:32 79,172 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-10-28 08:58:32 476,478 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-10-27 13:32:08 -------- d-----w C:\DOCUME~1\bertrand\APPLIC~1\Azureus
2007-10-26 18:43:08 10,816 ----a-w C:\WINDOWS\system32\__c001C544.dat
2007-10-26 17:36:45 10,816 ----a-w C:\WINDOWS\system32\__c00C9052.dat
2007-09-30 14:05:40 75,328 ----a-w C:\WINDOWS\system32\ycsghbaf.exe
2007-09-30 10:10:41 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-09-30 10:10:41 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2007-09-30 10:10:41 26,357 ----a-w C:\WINDOWS\scunin.dat
2007-09-29 14:08:31 75,328 ----a-w C:\WINDOWS\system32\mteyrjwk.exe
2007-09-27 13:15:44 70,208 ----a-w C:\WINDOWS\system32\egomvuoy.dll
2007-09-27 13:03:57 75,328 ----a-w C:\WINDOWS\system32\pvsxrsqp.exe
2007-09-23 09:47:51 75,328 ----a-w C:\WINDOWS\system32\kbhchboi.exe
2007-09-23 09:34:16 -------- d-----w C:\Program Files\Windows Live
2007-09-23 09:34:16 -------- d-----w C:\Program Files\MSN Messenger
2007-09-22 18:49:58 75,328 ----a-w C:\WINDOWS\system32\rktqrgjx.exe
2007-09-21 18:49:04 75,328 ----a-w C:\WINDOWS\system32\gmxwwqqs.exe
2007-09-16 16:44:04 75,328 ----a-w C:\WINDOWS\system32\goovluob.exe
2007-09-15 16:41:01 75,328 ----a-w C:\WINDOWS\system32\xlijigre.exe
2007-09-08 22:21:23 75,328 ----a-w C:\WINDOWS\system32\pbbrxbtu.exe
2007-09-05 12:29:37 75,328 ----a-w C:\WINDOWS\system32\dgxpmpcn.exe
2007-09-02 09:00:56 75,328 ----a-w C:\WINDOWS\system32\ynrpryeg.exe
2007-09-01 09:01:59 75,328 ----a-w C:\WINDOWS\system32\ktfmwrjl.exe
2007-08-31 09:05:56 75,328 ----a-w C:\WINDOWS\system32\jhkdsswg.exe
2007-08-30 09:00:28 75,328 ----a-w C:\WINDOWS\system32\xgqionhm.exe
2007-08-29 07:53:05 75,328 ----a-w C:\WINDOWS\system32\lxtoqlwm.exe
2007-08-27 08:02:09 43,542 ----a-w C:\WINDOWS\system32\byxwtst.dll
2007-08-27 08:01:49 43,542 ----a-w C:\WINDOWS\system32\hgghfgh.dll
2007-08-26 10:07:33 43,542 ----a-w C:\WINDOWS\system32\awttuss.dll
2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-07 14:44:40 356 ----a-w C:\drmHeader.bin
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14507d38-cd9f-11db-8c14-0015f2754e47}]
Shell\AutoRun\command F:\SETUP.EXE -autorun
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c708b51b-beb5-11db-8999-806d6172696f}]
Shell\AutoRun\command E:\_AUTORUN\AUTORUN.EXE
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 22:53:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-11-01 22:53:17
C:\ComboFix-quarantined-files.txt ... 2007-11-01 22:53
C:\ComboFix2.txt ... 2007-10-29 21:42
C:\ComboFix3.txt ... 2007-10-29 16:20
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14507d38-cd9f-11db-8c14-0015f2754e47}]
Shell\AutoRun\command F:\SETUP.EXE -autorun
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c708b51b-beb5-11db-8999-806d6172696f}]
Shell\AutoRun\command E:\_AUTORUN\AUTORUN.EXE
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 22:53:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-11-01 22:53:17
C:\ComboFix-quarantined-files.txt ... 2007-11-01 22:53
C:\ComboFix2.txt ... 2007-10-29 21:42
C:\ComboFix3.txt ... 2007-10-29 16:20
Here is the content of the script:
{\rtf1\ansi\ansicpg1252\deff0\deflang1036{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 File::\par
C:\\WINDOWS\\system32\\obfihsux.dll\par
C:\\WINDOWS\\system32\\xdwobtpk.dll\par
C:\\WINDOWS\\system32\\__c001C544.dat\par
C:\\WINDOWS\\system32\\hhosjshq.exe\par
C:\\WINDOWS\\system32\\gptsoluv.exe\par
C:\\WINDOWS\\system32\\rbxqibso.dll\par
C:\\WINDOWS\\system32\\__c00C9052.dat\par
C:\\WINDOWS\\system32\\rlytlbcf.exe\par
C:\\WINDOWS\\system32\\scqombfn.exe\par
C:\\WINDOWS\\system32\\bqflmpmt.exe\par
C:\\WINDOWS\\system32\\ngwiclmj.exe\par
C:\\WINDOWS\\system32\\ochjedrj.exe\par
C:\\WINDOWS\\system32\\ycsghbaf.exe\par
C:\\WINDOWS\\system32\\mteyrjwk.exe \par
\par
Registry::\par
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run]\par
"27ea3fee"=-\par
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]\par
"\{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F\}"=-\par
}
What are those strange characters?
You need to put this:
File::
C:\WINDOWS\system32\obfihsux.dll
C:\WINDOWS\system32\xdwobtpk.dll
C:\WINDOWS\system32\__c001C544.dat
C:\WINDOWS\system32\hhosjshq.exe
C:\WINDOWS\system32\gptsoluv.exe
C:\WINDOWS\system32\rbxqibso.dll
C:\WINDOWS\system32\__c00C9052.dat
C:\WINDOWS\system32\rlytlbcf.exe
C:\WINDOWS\system32\scqombfn.exe
C:\WINDOWS\system32\bqflmpmt.exe
C:\WINDOWS\system32\ngwiclmj.exe
C:\WINDOWS\system32\ochjedrj.exe
C:\WINDOWS\system32\ycsghbaf.exe
C:\WINDOWS\system32\mteyrjwk.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"27ea3fee"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"=-
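The "strange characters" in the pasted script are RTF: the file was saved from WordPad rather than Notepad, so every backslash is doubled, braces are escaped and each line ends in \par, and ComboFix cannot match those paths. The following Python is an added example, not part of this thread, that unwraps such a file back into a plain CFScript; the sample RTF_SCRIPT is constructed here in the shape of the script posted above (shortened to two file paths), and the group names it skips and the clean_cfscript/strip_rtf_residue helpers are this example's own choices.

```python
import re

# Constructed sample: a CFScript saved from WordPad, so the File::/Registry:: text is
# wrapped in RTF with doubled backslashes, escaped braces and a \par on every line.
# Modelled on the script posted above; only two file paths are kept to stay short.
RTF_SCRIPT = r"""{\rtf1\ansi\ansicpg1252\deff0\deflang1036{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 File::\par
C:\\WINDOWS\\system32\\obfihsux.dll\par
C:\\WINDOWS\\system32\\__c001C544.dat\par
\par
Registry::\par
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run]\par
"27ea3fee"=-\par
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]\par
"\{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F\}"=-\par
}
"""

CONTROL_WORD = re.compile(r"\\([a-zA-Z]+)(-?\d+)? ?")
# Groups that hold metadata rather than document text; skipped whole (assumed list).
DESTINATION_GROUPS = ("\\*", "\\fonttbl", "\\colortbl", "\\stylesheet", "\\info")


def rtf_to_text(rtf: str) -> str:
    """Unwrap a minimal RTF document (as WordPad writes it) into plain text."""
    out = []
    i, n = 0, len(rtf)
    while i < n:
        c = rtf[i]
        if c == "{":
            if rtf.startswith(DESTINATION_GROUPS, i + 1):
                depth, i = 1, i + 1
                while i < n and depth:
                    if rtf[i] == "\\":        # escaped char or control word: never a brace
                        i += 2
                        continue
                    depth += rtf[i] == "{"
                    depth -= rtf[i] == "}"
                    i += 1
                continue
            i += 1
        elif c == "}":
            i += 1
        elif c == "\\":
            m = CONTROL_WORD.match(rtf, i)
            if m:                             # \par, \fs20, \ansicpg1252 ...
                if m.group(1) in ("par", "line"):
                    out.append("\n")
                elif m.group(1) == "tab":
                    out.append("\t")
                i = m.end()
            elif rtf.startswith("\\'", i):    # \'hh : one cp1252 byte
                out.append(bytes.fromhex(rtf[i + 2:i + 4]).decode("cp1252"))
                i += 4
            else:                             # \\ \{ \} : escaped literal
                out.append(rtf[i + 1])
                i += 2
        elif c in "\r\n":
            i += 1                            # raw line breaks carry no meaning in RTF
        else:
            out.append(c)
            i += 1
    return "\n".join(ln.rstrip() for ln in "".join(out).split("\n")).strip("\n")


def strip_rtf_residue(line: str) -> str:
    """Repair one line copied out of RTF by hand that kept some escapes: a trailing
    \\par, doubled backslashes, escaped braces. Assumes local paths (a UNC
    \\\\server path would be collapsed as well)."""
    line = line.rstrip()
    if line.endswith("\\par"):
        line = line[:-4].rstrip()
    return line.replace("\\\\", "\\").replace("\\{", "{").replace("\\}", "}")


def clean_cfscript(text: str) -> str:
    """Turn whatever was pasted (full RTF or a half-cleaned copy) into a plain CFScript."""
    body = rtf_to_text(text) if text.lstrip().startswith("{\\rtf") else text
    return "\n".join(strip_rtf_residue(ln) for ln in body.splitlines()).strip("\n")


if __name__ == "__main__":
    print(clean_cfscript(RTF_SCRIPT))
```

The quickest check that a CFScript is really plain text is to open it in Notepad: if the first line begins with {\rtf1, ComboFix will be handed RTF, not paths.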
Right, I don't know what could have happened. Here is the new report:
"bertrand" - 2007-11-04 14:12:36 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\"
Command switches used :: ""C:\Documents and Settings\bertrand\Bureau\CFScript.txt""
((((((((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))))))
2007-10-31 18:02 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-10-31 18:02 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-10-31 18:02 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-10-31 18:02 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-10-31 18:02 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-31 18:02 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 12:52 227 --a------ C:\WINDOWS\PowerReg.dat
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\rbxqibso.dll
2007-10-26 18:36 10,816 --a------ C:\WINDOWS\system32\__c00C9052.dat
2007-10-21 17:49 75,328 --a------ C:\WINDOWS\system32\rlytlbcf.exe
2007-10-20 17:52 75,328 --a------ C:\WINDOWS\system32\scqombfn.exe
2007-10-18 12:26 75,328 --a------ C:\WINDOWS\system32\bqflmpmt.exe
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-10-07 16:34 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-10-07 16:25 75,328 --a------ C:\WINDOWS\system32\ngwiclmj.exe
2007-10-06 16:28 75,328 --a------ C:\WINDOWS\system32\ochjedrj.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-03 10:41:05 -------- d-----w C:\DOCUME~1\bertrand\APPLIC~1\Azureus
2007-10-31 17:03:25 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-10-28 08:58:32 79,172 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-10-28 08:58:32 476,478 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-10-26 18:43:08 10,816 ----a-w C:\WINDOWS\system32\__c001C544.dat
2007-10-26 17:36:45 10,816 ----a-w C:\WINDOWS\system32\__c00C9052.dat
2007-09-30 14:05:40 75,328 ----a-w C:\WINDOWS\system32\ycsghbaf.exe
2007-09-30 10:10:41 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-09-30 10:10:41 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2007-09-30 10:10:41 26,357 ----a-w C:\WINDOWS\scunin.dat
2007-09-29 14:08:31 75,328 ----a-w C:\WINDOWS\system32\mteyrjwk.exe
2007-09-27 13:15:44 70,208 ----a-w C:\WINDOWS\system32\egomvuoy.dll
2007-09-27 13:03:57 75,328 ----a-w C:\WINDOWS\system32\pvsxrsqp.exe
2007-09-23 09:47:51 75,328 ----a-w C:\WINDOWS\system32\kbhchboi.exe
2007-09-23 09:34:16 -------- d-----w C:\Program Files\Windows Live
2007-09-23 09:34:16 -------- d-----w C:\Program Files\MSN Messenger
2007-09-22 18:49:58 75,328 ----a-w C:\WINDOWS\system32\rktqrgjx.exe
2007-09-21 18:49:04 75,328 ----a-w C:\WINDOWS\system32\gmxwwqqs.exe
2007-09-16 16:44:04 75,328 ----a-w C:\WINDOWS\system32\goovluob.exe
2007-09-15 16:41:01 75,328 ----a-w C:\WINDOWS\system32\xlijigre.exe
2007-09-08 22:21:23 75,328 ----a-w C:\WINDOWS\system32\pbbrxbtu.exe
2007-09-05 12:29:37 75,328 ----a-w C:\WINDOWS\system32\dgxpmpcn.exe
2007-09-02 09:00:56 75,328 ----a-w C:\WINDOWS\system32\ynrpryeg.exe
2007-09-01 09:01:59 75,328 ----a-w C:\WINDOWS\system32\ktfmwrjl.exe
2007-08-31 09:05:56 75,328 ----a-w C:\WINDOWS\system32\jhkdsswg.exe
2007-08-30 09:00:28 75,328 ----a-w C:\WINDOWS\system32\xgqionhm.exe
2007-08-29 07:53:05 75,328 ----a-w C:\WINDOWS\system32\lxtoqlwm.exe
2007-08-27 08:02:09 43,542 ----a-w C:\WINDOWS\system32\byxwtst.dll
2007-08-27 08:01:49 43,542 ----a-w C:\WINDOWS\system32\hgghfgh.dll
2007-08-26 10:07:33 43,542 ----a-w C:\WINDOWS\system32\awttuss.dll
2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-07 14:44:40 356 ----a-w C:\drmHeader.bin
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14507d38-cd9f-11db-8c14-0015f2754e47}]
Shell\AutoRun\command F:\SETUP.EXE -autorun
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c708b51b-beb5-11db-8999-806d6172696f}]
Shell\AutoRun\command E:\_AUTORUN\AUTORUN.EXE
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 14:13:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-11-04 14:13:32
C:\ComboFix-quarantined-files.txt ... 2007-11-04 14:13
C:\ComboFix2.txt ... 2007-11-01 22:53
C:\ComboFix3.txt ... 2007-10-29 21:42
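The File:: list the helper built above was picked out of this report by eye. As an added example, not part of the thread, the Python below applies the same reading mechanically: in "Files Created" and "Find3M" it groups system32 files whose names are eight random lowercase letters by exact size (the 75,328-byte run and the 10,816-byte .dll/.dat pairs stand out; a lone inetcomm.dll does not), flags the __<8 hex>.dat naming that appinit_dlls points to, and in "Reg Loading Points" flags entries ComboFix tags with [x] (file not found), a non-empty AppInit_DLLs, a Run value named with eight hex digits that loads a DLL through rundll32, and a Winlogon notify subkey. SAMPLE_REPORT is constructed here in the report's layout; the heuristics, regexes and the to_cfscript renderer are this example's own, and it assumes the Registry:: section accepts .reg-style syntax.

```python
import re
from collections import defaultdict

# Constructed sample in ComboFix's report layout (date, time, size, attributes, path,
# then .reg-style "Reg Loading Points"), modelled on the report above.
SAMPLE_REPORT = r"""
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\xdwobtpk.dll
2007-10-26 19:43 10,816 --a------ C:\WINDOWS\system32\__c001C544.dat
2007-10-26 19:40 75,328 --a------ C:\WINDOWS\system32\hhosjshq.exe
2007-10-26 18:37 75,328 --a------ C:\WINDOWS\system32\gptsoluv.exe
2007-10-31 18:02 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-07 18:12 <REP> d-------- C:\Program Files\3DO
2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-09-27 13:03:57 75,328 ----a-w C:\WINDOWS\system32\pvsxrsqp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"27ea3fee"="rundll32.exe \"C:\\WINDOWS\\system32\\obfihsux.dll\",b"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{12C6F90D-7BE8-4A1B-8F51-1B35636AD52F}"="syshosts.dll" [x]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC7E4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\__c001C544.dat"
"""

FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})? +([\d,]+) +\S+ +(.+?)$")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:exe|dll)$")          # eight lowercase letters
UNDERSCORE_DAT = re.compile(r"^__[0-9a-f]{8}\.dat$", re.IGNORECASE)
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$")


def triage(report: str):
    """Scan one ComboFix report. Returns (files, registry):
    files    -> [(path, reason)]
    registry -> [(key, value_name, action, reason)] with action in
                {"delete_value", "clear_value", "delete_key"}."""
    reasons = {}                          # path -> reason, kept in report order
    by_size = defaultdict(list)           # size -> [paths] with suspicious-looking names
    registry, current_key = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            size, path = int(m.group(1).replace(",", "")), m.group(2)
            folder, _, name = path.rpartition("\\")
            if folder.lower().endswith("\\system32"):
                if UNDERSCORE_DAT.match(name):
                    reasons[path] = "__<8 hex>.dat in system32, the naming used by the appinit_dlls value"
                if UNDERSCORE_DAT.match(name) or RANDOM_NAME.match(name):
                    by_size[size].append(path)
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.lower().startswith("hkey_") and "\\winlogon\\notify\\" in line.lower():
            registry.append((line, "", "delete_key",
                             "Winlogon notify package that ComboFix does not treat as a default"))
            continue
        m = VALUE_LINE.match(line)
        if m and current_key:
            name, data = m.group(1), m.group(2)
            if data.endswith("[x]"):
                registry.append((current_key, name, "delete_value", "ComboFix marks the target file as missing"))
            elif name.lower() == "appinit_dlls" and data.strip('"'):
                registry.append((current_key, name, "clear_value",
                                 "AppInit_DLLs is set: every process loading user32.dll will load " + data))
            elif HEX_VALUE_NAME.match(name) and "rundll32" in data.lower():
                registry.append((current_key, name, "delete_value",
                                 "8-hex-digit Run value loading a DLL through rundll32"))
    # A single odd-looking name proves nothing; several of exactly the same size do.
    for size, paths in by_size.items():
        if len(paths) >= 2:
            for p in paths:
                reasons.setdefault(p, f"one of {len(paths)} system32 files of exactly {size:,} bytes with random-looking names")
    return list(reasons.items()), registry


def to_cfscript(files, registry) -> str:
    """Render findings as a CFScript. In .reg syntax [-key] removes a whole key, so
    values are removed one at a time ("name"=-) or cleared ("name"=""), and only the
    Winlogon notify subkey is deleted as a key."""
    lines = ["File::", *[p for p, _ in files], "", "Registry::"]
    for key, name, action, _ in registry:
        if action == "delete_key":
            lines.append(f"[-{key}]")
        else:
            lines += [f"[{key}]", f'"{name}"=-' if action == "delete_value" else f'"{name}"=""']
    return "\n".join(lines)


if __name__ == "__main__":
    found_files, found_reg = triage(SAMPLE_REPORT)
    for path, why in found_files:
        print(f"{path}\n    {why}")
    for key, name, action, why in found_reg:
        print(f"{key} / {name or '(key)'} [{action}]\n    {why}")
    print("\n" + to_cfscript(found_files, found_reg))
```

Size clustering is what keeps legitimate eight-letter names such as inetcomm.dll out of the list; the output is a starting point for a human review, not a script to run blind.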
Re,
We'll do it differently.
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
C:\WINDOWS\system32\obfihsux.dll
C:\WINDOWS\system32\xdwobtpk.dll
C:\WINDOWS\system32\__c001C544.dat
C:\WINDOWS\system32\hhosjshq.exe
C:\WINDOWS\system32\gptsoluv.exe
C:\WINDOWS\system32\rbxqibso.dll
C:\WINDOWS\system32\__c00C9052.dat
C:\WINDOWS\system32\rlytlbcf.exe
C:\WINDOWS\system32\scqombfn.exe
C:\WINDOWS\system32\bqflmpmt.exe
C:\WINDOWS\system32\ngwiclmj.exe
C:\WINDOWS\system32\ochjedrj.exe
C:\WINDOWS\system32\ycsghbaf.exe
C:\WINDOWS\system32\mteyrjwk.exe
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand frame and choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
-> Information about the tool <-
I couldn't find the report, but everything was moved correctly without any problem. Also, I think this is related: all those files you had me move are detected as trojans or viruses by AVG, and when I put them in quarantine I get an error message at Windows startup saying "file blabla" not found. It doesn't seem to have any effect, but it still doesn't seem quite normal.
Thanks for everything so far.
Here is the new report, but obviously everything had already been moved, so... not found:
File/Folder C:\WINDOWS\system32\obfihsux.dll\par not found.
File/Folder C:\\WINDOWS\\system32\\xdwobtpk.dll\par not found.
File/Folder C:\WINDOWS\system32\__c001C544.dat not found.
File/Folder C:\WINDOWS\system32\hhosjshq.exe not found.
File/Folder C:\WINDOWS\system32\gptsoluv.exe not found.
File/Folder C:\WINDOWS\system32\rbxqibso.dll not found.
File/Folder C:\WINDOWS\system32\__c00C9052.dat not found.
File/Folder C:\WINDOWS\system32\rlytlbcf.exe not found.
File/Folder C:\WINDOWS\system32\scqombfn.exe not found.
File/Folder C:\WINDOWS\system32\bqflmpmt.exe not found.
File/Folder C:\WINDOWS\system32\ngwiclmj.exe not found.
File/Folder C:\WINDOWS\system32\ochjedrj.exe not found.
File/Folder C:\WINDOWS\system32\ycsghbaf.exe not found.
File/Folder C:\WINDOWS\system32\mteyrjwk.exe not found.
Created on 11/05/2007 12:15:45
Logfile of HijackThis v1.99.1
Scan saved at 15:57:11, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\obfihsux.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan saved at 15:57:11, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\obfihsux.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re,
Fix the lines in italics below with HijackThis: HELP IN PICTURES
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O4 - HKLM\..\Run: [27ea3fee] rundll32.exe "C:\WINDOWS\system32\obfihsux.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001C544.dat
O20 - Winlogon Notify: __c00BC7E4 - C:\WINDOWS\system32\__c00BC7E4.dat (file missing)
O21 - SSODL: syshosts - {12C6F90D-7BE8-4A1B-8F51-1B35636AD52F} - syshosts.dll (file missing)
Here you go:
Logfile of HijackThis v1.99.1
Scan saved at 19:26:11, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\pvsxrsqp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lclock.exe
D:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Azureus\Azureus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: offline-8876480 - {FD48BF48-F78E-4B57-BC55-2558C358E855} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\pvsxrsqp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here it is:
"bertrand" - 2007-11-11 0:59:09 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\bertrand\Bureau\Utilitaires\Popup system\"
((((((((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-11 ))))))))))))))))))))))))))))))))))
2007-10-31 18:02 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-10-31 18:02 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-10-31 18:02 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-10-31 18:02 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-10-31 18:02 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-31 18:02 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 12:52 45,568 --a------ C:\WINDOWS\UniFish3.exe
2007-10-27 12:52 227 --a------ C:\WINDOWS\PowerReg.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-10 17:14:18 -------- d-----w C:\DOCUME~1\bertrand\APPLIC~1\Azureus
2007-10-31 17:03:25 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-10-28 08:58:32 79,172 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-10-28 08:58:32 476,478 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-10-07 17:12:11 -------- d-----w C:\Program Files\3DO
2007-09-30 10:10:41 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-09-30 10:10:41 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2007-09-30 10:10:41 26,357 ----a-w C:\WINDOWS\scunin.dat
2007-09-27 13:15:44 70,208 ----a-w C:\WINDOWS\system32\egomvuoy.dll
2007-09-27 13:03:57 75,328 ----a-w C:\WINDOWS\system32\pvsxrsqp.exe
2007-09-23 09:47:51 75,328 ----a-w C:\WINDOWS\system32\kbhchboi.exe
2007-09-23 09:34:16 -------- d-----w C:\Program Files\Windows Live
2007-09-23 09:34:16 -------- d-----w C:\Program Files\MSN Messenger
2007-09-22 18:49:58 75,328 ----a-w C:\WINDOWS\system32\rktqrgjx.exe
2007-09-21 18:49:04 75,328 ----a-w C:\WINDOWS\system32\gmxwwqqs.exe
2007-09-16 16:44:04 75,328 ----a-w C:\WINDOWS\system32\goovluob.exe
2007-09-15 16:41:01 75,328 ----a-w C:\WINDOWS\system32\xlijigre.exe
2007-09-08 22:21:23 75,328 ----a-w C:\WINDOWS\system32\pbbrxbtu.exe
2007-09-05 12:29:37 75,328 ----a-w C:\WINDOWS\system32\dgxpmpcn.exe
2007-09-02 09:00:56 75,328 ----a-w C:\WINDOWS\system32\ynrpryeg.exe
2007-09-01 09:01:59 75,328 ----a-w C:\WINDOWS\system32\ktfmwrjl.exe
2007-08-31 09:05:56 75,328 ----a-w C:\WINDOWS\system32\jhkdsswg.exe
2007-08-30 09:00:28 75,328 ----a-w C:\WINDOWS\system32\xgqionhm.exe
2007-08-29 07:53:05 75,328 ----a-w C:\WINDOWS\system32\lxtoqlwm.exe
2007-08-27 08:02:09 43,542 ----a-w C:\WINDOWS\system32\byxwtst.dll
2007-08-27 08:01:49 43,542 ----a-w C:\WINDOWS\system32\hgghfgh.dll
2007-08-26 10:07:33 43,542 ----a-w C:\WINDOWS\system32\awttuss.dll
2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-07 14:44:40 356 ----a-w C:\drmHeader.bin
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{22BF413B-C6D2-4d91-82A9-A0F997BA588C}"="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTxfiHlp"="CTXFIHLP.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LClock"="lclock.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"LSD_III"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,4c,53,44,5c,65,6e,64,\
2e,63,6d,64,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000040
"NoSMBalloonTip"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 01:00:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-11-11 1:00:08
C:\ComboFix-quarantined-files.txt ... 2007-11-11 01:00
C:\ComboFix2.txt ... 2007-11-04 14:13
C:\ComboFix3.txt ... 2007-11-01 22:53
Here you go:
AntiVir PersonalEdition Classic
Report file date: dimanche 18 novembre 2007 12:21
Scanning for 932510 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: KOSVOCORE
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 11:16:04
ANTIVIR3.VDF : 7.0.0.226 98304 Bytes 16/11/2007 11:16:04
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 18/11/2007 11:16:05
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 18 novembre 2007 12:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'DKService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\service.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
[INFO] TR/Agent.90112.G:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<MDNS>=sz:service.exe
[INFO] The file was moved to '47b220c0.qua'!
C:\WINDOWS\system32\service.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'C:\' <SYSTEM>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\bertrand\Local Settings\Temp\aupd.exe
[DETECTION] Contains detection pattern of the dropper DR/BHO.KO.1
[INFO] The file was moved to '47b0211b.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\Mirar_V58_876927_LOG_IES_NoDMY_AFF_ATD_MDNS_RPT.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
[INFO] The file was moved to '47b22111.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\mitA.tmp
[0] Archive type: CAB (Microsoft)
--> Mirar_V58_876927_LOG_IES_NoDMY_AFF_ATD_MDNS_RPT.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
[INFO] The file was moved to '47b42112.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\mitA.tmp.cab
[0] Archive type: CAB (Microsoft)
--> Mirar_V58_876927_LOG_IES_NoDMY_AFF_ATD_MDNS_RPT.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
[INFO] The file was moved to '47b42114.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\tem1D.tmp.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.646584
[INFO] The file was moved to '47ad2112.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\tmp40.tmp.exe
[DETECTION] Is the Trojan horse TR/Agent.AFRM
[INFO] The file was moved to '47b0211c.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\tmp46.tmp.exe
[DETECTION] Is the Trojan horse TR/Agent.AFRM
[INFO] The file was moved to '435c1da5.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\tmp4C.tmp.exe
[DETECTION] Is the Trojan horse TR/Agent.AFRM
[INFO] The file was moved to '47b0211e.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\nsh27.tmp\dcads40.exe
[DETECTION] Contains detection pattern of the dropper DR/BHO.JJ
[INFO] The file was moved to '47a12113.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\nsh27.tmp\setup_superiorads.exe
[DETECTION] Contains detection pattern of the dropper DR/TrafficSol.M
[INFO] The file was moved to '47b42116.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temporary Internet Files\Content.IE5\C1Q34HIJ\playmp3z_un[1]
[DETECTION] Is the Trojan horse TR/Agent.AFRM
[INFO] The file was moved to '47a1212a.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temporary Internet Files\Content.IE5\C1Q34HIJ\playmp3z_un[2]
[DETECTION] Is the Trojan horse TR/Agent.AFRM
[INFO] The file was moved to '47a1212b.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temporary Internet Files\Content.IE5\G56JK9AB\playmp3z_un[1]
[DETECTION] Is the Trojan horse TR/Agent.AFRM
[INFO] The file was moved to '47a12131.qua'!
C:\Program Files\WinRAR\WinRAR.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.13 Backdoor server programs
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\boegojyc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47a5226f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcy.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a22266.qua'!
C:\VundoFix Backups\acuugwym.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '47b52265.qua'!
C:\VundoFix Backups\axwxihwt.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b7227a.qua'!
C:\VundoFix Backups\cbxyayv.dll.bad
[DETECTION] Is the Trojan horse TR/Virtumonde.26730
[INFO] The file was moved to '47b82264.qua'!
C:\VundoFix Backups\hggeebc.dll.bad
[DETECTION] Is the Trojan horse TR/Virtumonde.26730
[INFO] The file was moved to '47a7226a.qua'!
C:\VundoFix Backups\kkfpyngt.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '47a6226e.qua'!
C:\VundoFix Backups\ncojvjev.dll.bad
[DETECTION] Is the Trojan horse TR/Agent.123952
[INFO] The file was moved to '47af2266.qua'!
C:\VundoFix Backups\pmnlk.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ae2270.qua'!
C:\WINDOWS\system32\awttuss.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b42326.qua'!
C:\WINDOWS\system32\byxwtst.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b82329.qua'!
C:\WINDOWS\system32\dgxpmpcn.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b8231a.qua'!
C:\WINDOWS\system32\egomvuoy.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47af231c.qua'!
C:\WINDOWS\system32\gmxwwqqs.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b82323.qua'!
C:\WINDOWS\system32\goovluob.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47af2325.qua'!
C:\WINDOWS\system32\hgghfgh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47a7231e.qua'!
C:\WINDOWS\system32\jhkdsswg.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47ab2321.qua'!
C:\WINDOWS\system32\kbhchboi.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a8231b.qua'!
C:\WINDOWS\system32\ktfmwrjl.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a6232e.qua'!
C:\WINDOWS\system32\lxtoqlwm.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b42332.qua'!
C:\WINDOWS\system32\pbbrxbtu.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a22323.qua'!
C:\WINDOWS\system32\pvsxrsqp.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b32338.qua'!
C:\WINDOWS\system32\rktqrgjx.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b4232e.qua'!
C:\WINDOWS\system32\xgqionhm.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b12331.qua'!
C:\WINDOWS\system32\xlijigre.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a92337.qua'!
C:\WINDOWS\system32\ynrpryeg.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b22339.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bqflmpmt.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a62351.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\gptsoluv.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b42351.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hhosjshq.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47af2349.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mteyrjwk.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a52355.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ngwiclmj.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b72348.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ochjedrj.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a82345.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rlytlbcf.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b9234e.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\scqombfn.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b12345.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ycsghbaf.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b32345.qua'!
Begin scan in 'D:\'
End of the scan: dimanche 18 novembre 2007 12:53
Used time: 31:22 min
The scan has been done completely.
7015 Scanning directories
403805 Files were scanned
50 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
49 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
403755 Files not concerned
2209 Archives were scanned
3 Warnings
99 Notes
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b22339.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bqflmpmt.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a62351.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\gptsoluv.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b42351.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hhosjshq.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47af2349.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\mteyrjwk.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a52355.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ngwiclmj.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b72348.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ochjedrj.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a82345.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rlytlbcf.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b9234e.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\scqombfn.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b12345.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ycsghbaf.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47b32345.qua'!
Begin scan in 'D:\'
End of the scan: Sunday 18 November 2007 12:53
Used time: 31:22 min
The scan has been done completely.
7015 Scanning directories
403805 Files were scanned
50 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
49 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
403755 Files not concerned
2209 Archives were scanned
3 Warnings
99 Notes
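A reader of the report above has to separate three kinds of hits: files that ComboFix (C:\QooBox\Quarantine), VundoFix (C:\VundoFix Backups) and OTMoveIt (C:\_OTMoveIt\MovedFiles) had already pulled off the system, so a detection there is an inert copy; files in Temp and the IE cache; and the few items that still need a human, namely the Run key `<MDNS>=sz:service.exe` and WinRAR.exe, which Avira flagged but could not delete, plus sptd.sys, which it could not open at all. The script below is an added triage example for this thread, not part of the original post and not Avira code. It parses the report layout shown above (a path line followed by its `[DETECTION]`/`[INFO]`/`[WARNING]` lines) and sorts hits into those buckets. The embedded report is a constructed excerpt of the lines posted above; the bucket names and the folder list are my own choices.

```python
"""Triage helper for the Avira AntiVir report format posted above.
Added example for this thread; not part of the original post, not Avira code.
Sorts each hit into a bucket a helper would treat differently and lists the
items that still need a manual look (file not removed, autostart entry)."""
import re
from collections import Counter

PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # "C:\..." path line
FAMILY_RE = re.compile(r"\b([A-Z]{2,5}/[A-Za-z0-9][\w.\-]*)")  # TR/Vundo.Gen, BDS/...
QUARANTINE_RE = re.compile(r"moved to '([0-9a-f]+\.qua)'")
AUTOSTART_RE = re.compile(r":\[(HKEY_[^\]]+)\]:<([^>]*)>=sz:(.*)$")

# Folders where ComboFix (QooBox), VundoFix and OTMoveIt park files they have
# already removed: a hit there is an inert copy, not an active infection.
LEFTOVER_FOLDERS = ("\\qoobox\\quarantine\\", "\\vundofix backups\\",
                    "\\_otmoveit\\movedfiles\\")
TEMP_FOLDERS = ("\\local settings\\temp\\", "\\temporary internet files\\")

# Constructed excerpt of the report posted above (same line layout).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\service.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
[INFO] TR/Agent.90112.G:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<MDNS>=sz:service.exe
[INFO] The file was moved to '47b220c0.qua'!
C:\Documents and Settings\bertrand\Local Settings\Temp\mitA.tmp.cab
[0] Archive type: CAB (Microsoft)
--> Mirar_V58_876927_LOG_IES_NoDMY_AFF_ATD_MDNS_RPT.exe
[DETECTION] Is the Trojan horse TR/Agent.90112.G
[INFO] The file was moved to '47b42114.qua'!
C:\Program Files\WinRAR\WinRAR.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.13 Backdoor server programs
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\boegojyc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47a5226f.qua'!
C:\WINDOWS\system32\awttuss.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b42326.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bqflmpmt.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47a62351.qua'!
"""

def classify(path):
    p = path.lower()
    if any(f in p for f in LEFTOVER_FOLDERS):
        return "leftover_from_other_tool"
    if any(f in p for f in TEMP_FOLDERS):
        return "temp_or_browser_cache"
    if "\\windows\\" in p:
        return "live_windows_dir"
    return "program_files" if "\\program files\\" in p else "other"

def parse_report(text):
    """Attach each status line to the path line that precedes it."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if PATH_RE.match(line):
            cur = {"path": line, "bucket": classify(line), "families": [],
                   "quarantined": None, "autostart": None,
                   "not_deleted": False, "unreadable": False}
            entries.append(cur)
        elif cur is None:
            continue                      # header lines before the first path
        elif line.startswith("[DETECTION]"):
            m = FAMILY_RE.search(line)
            if m:
                cur["families"].append(m.group(1))
        elif line.startswith("[INFO]"):
            q, a = QUARANTINE_RE.search(line), AUTOSTART_RE.search(line)
            if q:
                cur["quarantined"] = q.group(1)
            elif a:                       # (registry key, value name, value)
                cur["autostart"] = (a.group(1), a.group(2), a.group(3))
        elif line.startswith("[WARNING]"):
            cur["not_deleted"] |= "not deleted" in line or "not be deleted" in line
            cur["unreadable"] |= "could not be opened" in line
    return entries

def triage(text):
    """Hit counts per bucket and family, plus the items that need a human."""
    entries = parse_report(text)
    hits = [e for e in entries if e["families"]]
    follow_up = []
    for e in hits:
        if e["not_deleted"]:
            follow_up.append((e["path"], "detected but still on disk; verify manually"))
        if e["autostart"]:
            key, name, value = e["autostart"]
            follow_up.append((e["path"], f"autostart {key}\\{name} = {value}"))
    return {
        "by_bucket": Counter(e["bucket"] for e in hits),
        "by_family": Counter(f for e in hits for f in e["families"]),
        "follow_up": follow_up,
        "unscanned": [e["path"] for e in entries
                      if e["unreadable"] and not e["families"]],
    }
```

Run against the full report, `by_bucket` shows how much of the "50 viruses and/or unwanted programs" total is leftovers from earlier tools, and `follow_up` and `unscanned` are the lines worth answering on: the Run key and WinRAR.exe need a manual decision, and a file the scanner could not open is simply unknown, not clean.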