PDA

View Full Version : Hudge bill EMSAT



giuseppe
2007-02-11, 21:12
Please help me
I use a broadband connection (ADSL)
I have a phone line connected to PC in order to receive/ send fax on PC
My last bill were incredibly charged by some terrible amount for EMSAT connection 0088213884600 never dialed by me
After having changed provider the situation was good for one month until yesterday when again the bill showed 14 minute with EMSAT connection.
Spybot , AVIRA do not show viruses or spyware - Kaspirasky report follows below :

Then going thru forum I wanted to make a HijackThis check but I am unable to download it when even print on google or altavista word HijackThis
or try to download it from a site, immediately the pages of the browser “explorer “ disappear from the computer.

Can you help me to restore the computer and avoid such terrible bills and suites with telephone companies . I use a XP prgr French language.
Is possible to block modem in such a way that unsolicited transmissions do not go out and blok numbers beginning by 00 ?
Thank you very much

++++++++++++++++++++++++++++++++++++++
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 74838
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 00:37:50

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Prism\d8603451 Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\call256.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chat1024.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chat2048.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chat4096.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chat512.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chatmsg2048.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chatmsg4096.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\index2.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\profile16384.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\transfer256.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\transfer512.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\user1024.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\user16384.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\user4096.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Application Data\Skype\bepijibek\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Trabucchi\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Historique\History.IE5\MSHist012007021120070212\index.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Temp\Perflib_Perfdata_228.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Temp\~DF2922.tmp Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Temp\~DF96FB.tmp Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Temp\~DF970C.tmp Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Temp\~DFE335.tmp Object is locked skipped

C:\Documents and Settings\Trabucchi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\ntuser.dat Object is locked skipped

C:\Documents and Settings\Trabucchi\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP126\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\IntelNet.exe Object is locked skipped

C:\WINDOWS\IntelScr.exe Object is locked skipped

C:\WINDOWS\mcafee-network.exe Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D8F069C6-91BB-4CEF-A41D-DD36B2F7C737}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_978.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.
+++++++++++++++++++++++++++++++++++++++++++

shelf life
2007-02-13, 00:53
hi giuseppe,

you can try scanning with AVG antispyware:

AVG:
http://www.ewido.net/en/download/

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop
and double-click it to launch the set up program.
2. Once the setup is complete you will need run ewido and update the definition
files.
3. On the main screen select the icon "Update" then select the "
Update now" link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of
the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then
select " "Quarantine" .".
6. Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"

# Select the "Scanner" icon at the top and then the "Scan" tab
then click on "Complete System Scan".
# ewido will now begin the scanning process, be patient this may take a little
time.
Once the scan is complete do the following:
# If you have any infections you will prompted, then select "Apply all
actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the
screen and save it to a text file on your system (make sure to remember where
you saved that file, this is important).
# Close AVG Anti-Spyware and post the
results of the AVG Anti-Spyware report scan.

shelf life

giuseppe
2007-02-13, 19:40
Many thanks
i did all you say and here is the report of 11/2 and today
++++++++++++++++++++++++++++++++++++++++++++
+ Créé à: 22:35:54 11.02.2007

+ Résultat de l'analyse:
C:\WINDOWS\109.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\11.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\16.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\177.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\B.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\BC.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\C.tmp -> Adware.LinkOptimizer : Ignoré.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@spylog[2].txt -> TrackingCookie.Spylog : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
C:\Documents and Settings\GIUSEPPE\Cookies\giuseppe@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.

Fin du rapport

++++++++++++++++++++++++++++++++++++++++++++++

+ Créé à: 18:05:49 13.02.2007
+ Résultat de l'analyse:
C:\WINDOWS\109.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\11.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\16.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\177.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\B.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\BC.tmp -> Adware.LinkOptimizer : Ignoré.
C:\WINDOWS\C.tmp -> Adware.LinkOptimizer : Ignoré.


Fin du rapport
++++++++++++++++++++++++++++++++++++++++++++++

I noticed that at the time indicated in my phone bills when expensiv and unwanted EMSAT connections are billed, a file named rasphone is activated without any knowledge by me.
I disconnected phone /fax line from PC in order to avoid unwanted communication to go out and linked the fax to a separate fax machine not to the PC.
in the explorer looks like this: name rasphone in the file : C:\Documents and settings\All Users\Application Data\Microsoft\Network\Connections\Pbk
Somthing wrong I think is still inside the PC giving damaging instructions .
Thanks for help
giuseppe

giuseppe
2007-02-13, 20:18
still after running AVG antispy Spyboat has found CurePCSolution which of course I have eliminated

giuseppe
2007-02-13, 20:37
Now I was even able to do a HijackThis test
here is the result which I divide in 2 posts
Thanks for help
giuseppe

Logfile of HijackThis v1.99.1
Scan saved at 19:31:34, on 13.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\PRISMSVR.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldcom.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\intelnet.exe","c:\windows\intelscr.exe","c:\windows\mcafee-network.exe",
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {E97C9119-DD98-9DC2-4B78-9FC041437CB4} - blank (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: (no name) - {67984beb-075d-49ae-a50b-352e145faab8} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2D4C57AA-54C0-4942-BB2A-51DF0727950B} (ImResize Class) - http://www.openkremlin.ru/cab/ImResCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161707306000
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web3.photocolor.net/PhotoProducts/ActiveX/PhotocolorUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://go.winfixer.com/MTUxNQ==/2/767/SP2/
O18 - Protocol: bw+0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

giuseppe
2007-02-13, 20:38
O18 - Protocol: offline-8876480 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: dtcclzex - C:\WINDOWS\system32\dtcclzex.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

shelf life
2007-02-14, 01:47
hi giuseppe,

ok good. we will us a tool from prevx that should remove linkoptimizer: please download and run it:

http://www.castlecops.com/a6639-Gromozon_Linkoptimizer_REMOVAL_TOOL.html
-----------------------------
please run AVG again also and save the report.
-----------------------------
last do this;
using explorer(right click on start>explore) drill down to these >>> you want to delete whats >inside< the folder, not the folder itself<<

C:\Windows\Temp\

C:\Documents and Settings\-Your Profile-\Local Settings\Temporary Internet Files\ (will dump all your cached internet content including cookies)

C:\Documents and Settings\-Your Profile-\Local Settings\Temp\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temporary Internet Files\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temp\
-----------------------------------------
reboot computer once, please rescan and post a new hjt log and the saved AVG report.

shelf life

P.S.
one linkoptimzer variant can dial high-cost phone numbers
do not run the linkoptimizer uninstaller if present in the add/remove programs list
FYI:
http://www.symantec.com/enterprise/security_response/weblog/2006/08/gromozoncom_and_italian_spaghe.html

giuseppe
2007-02-14, 19:18
Hi my helper !

i did almost all you said to me few positions in Temp files refused to go to garbage
here is what I got after operations you said to me. Thanks for analyzing results and further guidelines
Giuseppe
++++++++++++++++++++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 17:43:54, on 14.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\PRISMSVR.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldcom.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\intelnet.exe","c:\windows\intelscr.exe","c:\windows\mcafee-network.exe",
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {E97C9119-DD98-9DC2-4B78-9FC041437CB4} - blank (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: (no name) - {67984beb-075d-49ae-a50b-352e145faab8} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe
O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2D4C57AA-54C0-4942-BB2A-51DF0727950B} (ImResize Class) - http://www.openkremlin.ru/cab/ImResCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161707306000
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web3.photocolor.net/PhotoProducts/ActiveX/PhotocolorUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://go.winfixer.com/MTUxNQ==/2/767/SP2/
O18 - Protocol: bw+0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

giuseppe
2007-02-14, 19:18
O20 - Winlogon Notify: dtcclzex - C:\WINDOWS\system32\dtcclzex.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
++++++++++++++++++++++++++++

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:58:12 14.02.2007
+ Résultat de l'analyse:
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\RECYCLER\S-1-5-21-2697355046-2397756265-980563743-1007\Dc55.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\RECYCLER\S-1-5-21-2697355046-2397756265-980563743-1007\Dc79.txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyé.
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Nettoyé.
C:\RECYCLER\S-1-5-21-2697355046-2397756265-980563743-1007\Dc83.txt -> TrackingCookie.Planetactive : Nettoyé.
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Trabucchi\Cookies\trabucchi@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
C:\RECYCLER\S-1-5-21-2697355046-2397756265-980563743-1007\Dc63.txt -> TrackingCookie.Yadro : Nettoyé.


Fin du rapport

giuseppe
2007-02-15, 01:09
ONE MORE TEST FROM LINKS IN YOUR PREVIOUS POST THANKS

Browser Security Test Results
Dear Customer,

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 1
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0


Warning: The test does not check for WMF vulnerability. If you use Windows, run Windows Update or get the patch.

New bugs keep coming! Sign up for announcements of new tests.

Questions about the test? Read the FAQ.

Still having questions? Send us your feedback.

Want to know how everyone else is doing on Browser Test? Check our statistics.

Help! My browser is hijacked! Read our step by step tutorial on how to clean your computer from browser hijackers and unwanted adware.

High Risk Vulnerabilities
Sun Java Plugin Arbitrary Package Access Vulnerability / Opera Java Vulnerability (idef20041123)
Description
Java Plugin allows web browsers to run Java applets. Java plugin may be used by Internet Explorer, Mozilla (and Mozilla-base browsers, such as Firefox), and other browsers.

When a browser opens a web page that contains a Java applet the browser automatically downloads the applet and runs it locally. To protect the user from malicious applets all the applets run in so called "sandbox". The sandbox restricts what an applet can do. For example, the sandbox will not allow an applet to open local files or start programs.

This bug in Sun Java Plugin allows a web site to bypass the sandbox and execute Java code that the sandbox will normally not allow and possibly gain control over the client computer.

Opera does not use Sun Java Plugin, but has a similar bug in its interface to Java.

Technical Details
Sun Java Virtual Machine contains sun.* packages that are only supposed to be used internally, by the virtual machine itself. Some private classes allow direct access to memory or modifying private fields of Java objects. If an applet attempts to load one of those packages a security exception is thrown. If an applet could load those classes it could turn off Java Security Manager and break out of Java sandbox.

JavaScript can access properties and methods of Java applets embedded on the page. It is possible to load a private package from JavaScript as shown in the code below:


var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
Java Reflection API allows objects to examine their own structure (for example, find out the class of the object or the available methods). Reflection API defines getClass() function that returns the object's class. forName method of Class object loads the named class. The same operation done from the Java applet instead of JavaScript would fail.

Opera allows Java applets to access sun.* classes due to configuration settings.

Recommendations
Upgrade Java Environment to version 1.4.2_06 or later. It can be downloaded from http://java.sun.com/j2se/1.4.2/download.html

Opera users should upgrade to version 7.54u1 or later to fix this vulnerability. For earlier versions of Opera the following workaround is available:

Locate the file called opera.policy in Opera installation directory and find the following lines in the file:

grant {
permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
};
Comment out or remove these lines.

Additional Information

Jouko Pynnonen. Sun Java Plugin arbitrary package access vulnerability
Marc Schönefeld. Java Vulnerabilities in Opera 7.54
Changelog for Opera 7.54u1 for Windows

shelf life
2007-02-15, 02:40
hi giuseppe,

good, thanks for all the info. the dialer (link optimizer) trojan should be gone after using the prevx tool. the AVG log looks good also.

do this:
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\intelnet.exe","c:\windows\intelscr.exe","c:\windows\mcafee-network.exe",

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Class - {E97C9119-DD98-9DC2-4B78-9FC041437CB4} - blank (file missing)

O20 - Winlogon Notify: dtcclzex - C:\WINDOWS\system32\dtcclzex.dll (file missing)
-------------------------------------------------
these 3 files are most likely left over entries but lets look and make sure anyway.

first to show all files do this:

FOr XP: on the desktop double click my computer,go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok

check for these 3, if found you can delete them, luckly all located here> C:\windows dir

intelnet.exe
intelscr.exe
mcafee-network.exe
--------------------------------------
also please run the prevx tool for link optimizer removal once more.
-----------------------
reboot computer once, then rescan with hjt and post a new log.
------------------------
this:
High Risk Vulnerabilities 1
make sure you are using the latest java version which is 1.5..(i think)now

shelf life

giuseppe
2007-02-15, 16:43
Hi!
Many many thanks
I did everything
these files
intelnet.exe
intelscr.exe
mcafee-network.exe
were no presents
There is a C\windows\intelNet.PIF I left where it is . when I click it, a windows comes saying "wrong name of program file. check your PIF file"
Herebelow is the last hjt
Thanks a lot for everything
+++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 15:34:35, on 15.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\PRISMSVR.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldcom.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: (no name) - {67984beb-075d-49ae-a50b-352e145faab8} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe
O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2D4C57AA-54C0-4942-BB2A-51DF0727950B} (ImResize Class) - http://www.openkremlin.ru/cab/ImResCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161707306000
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web3.photocolor.net/PhotoProducts/ActiveX/PhotocolorUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://go.winfixer.com/MTUxNQ==/2/767/SP2/
O18 - Protocol: bw+0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

giuseppe
2007-02-15, 16:43
O18 - Protocol: offline-8876480 - {B1328453-4708-40C5-9DBC-DBD74A22DF7D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

shelf life
2007-02-16, 01:36
hi giuseppe,

glad to help. looks like you are good to go.

some material for you here:
Prevention Tips (http://security-central.us/SafeHex/prevention.htm)

happy safe surfing.

giuseppe
2007-02-16, 09:45
Hi My Expert.!
Many Thanks
Indeed you helped me a lot
Your suggestion to read prevention tip arise a new question.
In Prevention tip , as already I have done several times, there is a link and a suggestion to go to http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us When I click to get Microsoft express I receive always an answer:
[Error number: 0x80070424]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:
• Frequently Asked Questions
• Find Solutions
• Windows Update Newsgroup
For assisted support options:
• Microsoft Online Assisted Support (no-cost for Windows Update issues)

I tried many time to access the above links but I never found a solution so I left things as they are. When I switch on PC, I receive a wording that my pc can have problem because windows automatic up to date is not activated. Then I click on to “activate up to date automatic” and answer is: “ sorry we can’t do that go to system……….” I go, I open “activate automatic up to date” and everything is ok automatic download and installation is on every day at 10.
Because I have never problems until now I did’nt regarded that as a problem. What is your opinion?
Many thanks Giuseppe

shelf life
2007-02-17, 00:45
hi giuseppe,

read thru and follow the link to try the solution:

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windowsupdate&tid=85e04b02-2669-4b50-b3b4-05d883e7c1d2&p=1

giuseppe
2007-02-17, 22:06
Hi !!
thank you very very very much
this last linked solved the remaining small problem
I am very glad and stisfied for your help and I can reccomend you to everybody.
Now I have to fight with the telephone company to find a compromise and reduce the last phone bills with EMSAT calls. But this will be my job
Thanks 1000 X to you
congratulations for your very valuable and comptent and broad assistance
giuseppe

shelf life
2007-02-18, 15:35
hi giuseppe,

good. glad to help.
explain to your telephone company that you had a dialer trojan on your computer, maybe they will reduce the charges for you?

happy safe surfing

shelf life