PDA

View Full Version : Smitraud, virtumonde spyware issue



wizard
2008-12-24, 04:21
run spy bot scan, malware scan, combox fix and hijack, here all the result, please help me resolve this, i just want to be sure my computer is clean as i need to do accounting for the end of the year, so all youy help would be very appreciated ! thanks a lot.


COMBOFIX:

ComboFix 08-12-23.01 - Frank 2008-12-23 21:16:59.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3070.2470 [GMT -5:00]
Lancé depuis: c:\documents and settings\Frank\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Frank\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\nmoWvGgh.ini2
c:\windows\system32\SrsvCMoq.ini2
F:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://onestopstation.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-24 au 2008-12-24 ))))))))))))))))))))))))))))))))))))
.

2008-12-23 20:30 . 2008-12-23 20:30 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 20:30 . 2008-12-23 20:30 <REP> d-------- c:\documents and settings\Frank\Application Data\Malwarebytes
2008-12-23 20:30 . 2008-12-23 20:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 20:30 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 20:30 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 20:29 . 2008-12-23 20:29 95 --a------ c:\windows\wininit.ini
2008-12-23 20:08 . 2008-12-23 20:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-23 20:08 . 2008-12-23 21:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 22:38 . 2008-12-22 22:38 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 22:33 . 2008-12-22 22:33 <REP> d-------- c:\program files\Adobe Media Player
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-12-22 22:26 . 2008-12-22 22:26 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-12-22 13:05 . 2008-12-22 13:05 <REP> d-------- c:\program files\uTorrent
2008-12-22 13:05 . 2008-12-22 22:14 <REP> d-------- c:\documents and settings\Frank\Application Data\uTorrent
2008-12-21 18:06 . 2008-12-21 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Phase One
2008-12-21 18:06 . 2008-10-13 14:50 23,808 --a------ c:\windows\system32\drivers\p1c1394.sys
2008-12-21 18:05 . 2008-12-21 18:05 <REP> d-------- c:\program files\Phase One
2008-12-21 17:20 . 2008-12-21 17:20 <REP> d-------- c:\program files\Microsoft Pro Photo Tools
2008-12-21 17:16 . 2008-12-21 17:16 <REP> d-------- c:\program files\MSBuild
2008-12-21 17:15 . 2008-12-21 17:15 <REP> d-------- c:\program files\Canon
2008-12-21 17:12 . 2008-12-21 17:18 <REP> d-------- c:\windows\system32\XPSViewer
2008-12-21 17:11 . 2008-12-21 17:11 <REP> d-------- c:\program files\Reference Assemblies
2008-12-21 17:11 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-21 16:59 . 2008-12-21 17:15 <REP> d-------- c:\program files\Fichiers communs\Canon
2008-12-21 16:33 . 2008-12-21 16:33 <REP> d-------- c:\program files\Pro Imaging Powertoys
2008-12-21 16:33 . 2008-12-21 16:33 <REP> d-------- c:\program files\Fichiers communs\Nikon
2008-12-21 16:24 . 2008-12-21 16:25 <REP> d-------- c:\windows\system32\URTTemp
2008-12-21 15:38 . 2008-12-21 15:38 <REP> d-------- c:\temp\tmp
2008-12-21 15:38 . 2008-12-21 15:51 <REP> d-------- C:\Temp
2008-11-30 20:36 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-11-30 20:36 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2008-11-30 16:34 . 2008-11-30 16:34 <REP> d-------- c:\documents and settings\Andree\.thumbnails
2008-11-30 16:34 . 2008-11-30 16:35 <REP> d-------- c:\documents and settings\Andree\.gimp-2.6
2008-11-30 16:33 . 2008-11-30 16:34 <REP> d-------- c:\documents and settings\Andree\.gegl-0.0

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 02:18 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-24 02:12 --------- d-----w c:\program files\Steam
2008-12-24 01:55 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-23 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-23 03:34 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-17 22:25 --------- d-----w c:\documents and settings\Frank\Application Data\Juniper Networks
2008-12-07 02:53 --------- d-----w c:\documents and settings\Frank\Application Data\mIRC
2008-12-05 22:23 --------- d-----w c:\program files\mIRC
2008-11-21 22:58 --------- d-----w c:\program files\eclipse
2008-11-09 18:28 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-29 22:01 --------- d-----w c:\program files\MSECache
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:01 670,208 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-10 1410296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-04 32768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-08-04 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-04 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=iwxwji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);\??\c:\windows\system32\Drivers\NEOFLTR_600_12507.SYS [2007-12-27 64160]
R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\SDK\lib\appservService.exe "\"c:\sun\SDK\bin\asadmin.bat\" start-domain --user Francis domain1" "\"c:\sun\SDK\bin\asadmin.bat\" stop-domain domain1\" []
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-23 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Andree.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 12:19]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{566499cf-4f13-4257-9d8e-1450d0a16403} - (no file)
BHO-{E2FE6244-D999-4A6B-8F99-AF782305BA1A} - (no file)
HKLM-Run-HPUsageTracking - c:\program files\HP\HP UT\bin\hppusg.exe
Notify-vtUnoOHa - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.canoe.qc.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\2d2a42a4.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 21:18:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Heure de fin: 2008-12-23 21:19:12
ComboFix-quarantined-files.txt 2008-12-24 02:19:09

Avant-CF: 289,461,530,624 octets libres
Après-CF: 289,583,337,472 octets libres

180 --- E O F --- 2008-12-19 08:00:29

wizard
2008-12-24, 04:22
MALWARE REPORT:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1538
Windows 5.1.2600 Service Pack 3

2008-12-23 21:08:16
mbam-log-2008-12-23 (21-08-16).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 130504
Temps écoulé: 36 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hgGvWomn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMCvsrS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rysljhsa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hmsnzz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUnoOHa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tadrcgxj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iwxwji.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{566499cf-4f13-4257-9d8e-1450d0a16403} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{566499cf-4f13-4257-9d8e-1450d0a16403} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtunooha (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2fe6244-d999-4a6b-8f99-af782305ba1a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e2fe6244-d999-4a6b-8f99-af782305ba1a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{566499cf-4f13-4257-9d8e-1450d0a16403} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2fe6244-d999-4a6b-8f99-af782305ba1a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggvwomn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggvwomn -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\iwxwji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUnoOHa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgGvWomn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nmoWvGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMCvsrS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\SrsvCMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rysljhsa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ashjlsyr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmsnzz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tadrcgxj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Andree\Local Settings\Temporary Internet Files\Content.IE5\EC0RTE7W\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\456RG1EF\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\G9YR49EF\CAEJGDQV (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\WH2NKDUN\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nqhafdfo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkHxyX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHAQgD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\winzip112.exe (Trojan.Agent) -> Quarantined and deleted successfully.

wizard
2008-12-24, 04:24
HIJACK REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:39, on 2008-12-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Sun\SDK\lib\appservService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Sun\SDK\jdk\bin\java.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frank\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {566499cf-4f13-4257-9d8e-1450d0a16403} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E2FE6244-D999-4A6B-8F99-AF782305BA1A} - (no file)
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6121] command /c del "C:\WINDOWS\system32\gbthnijc.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9271] cmd /c del "C:\WINDOWS\system32\gbthnijc.dll_old"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1919] command /c del "C:\WINDOWS\system32\gbthnijc.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6677] cmd /c del "C:\WINDOWS\system32\gbthnijc.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215902658953
O18 - Protocol: bw+0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52CD2EDB-62C0-4478-A4E4-B673D3358DF1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: iwxwji.dll
O20 - Winlogon Notify: vtUnoOHa - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: SunJavaSystemAppserver9PE (AppServer9PE) - Unknown owner - C:\Sun\SDK\lib\appservService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 20571 bytes


NOTE:

All scan has been done with my antivirus on, sorry if i forgot to turn them off, but i think we all this work done already, it give us a little step, could you please help me fix this as soon as possible, i need to close my accounting for the 3rd of january ! thanks in advance again for your time..

---------------------------------------------

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )

wizard
2008-12-24, 05:07
sorry for scanning and using all these software, just trying to fix my computer as fast as possible... hope i didnt slow you guys down, still i have a background in compuer fix.. Thanks for your help in advance..

wizard
2008-12-24, 17:22
still have an issue with this. can anybody help me out ?

wizard
2008-12-24, 20:29
Infectef by smitfraud and Virtumonde.generic, could you please help me out ?