Win32:Zlob-BN(Trj) HELP

Started by emilyw, June 20, 2006, 10:54:31 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 3
User actions

emilyw

#15
June 23, 2006, 10:18:43 PM
I used Symantec scanner, here is what they gave me

C:\WINDOWS\NDNuninstall4_50.exe is infected with Adware.NDotNet 
C:\WINDOWS\NDNuninstall4_80.exe is infected with Adware.NDotNet 
C:\WINDOWS\SYSTEM32\ld100.tmp is infected with Trojan.Emcodec 
C:\WINDOWS\SYSTEM32\regperf.exe is infected with Trojan.Zlob 

Corrine

#16
June 23, 2006, 10:36:12 PM
Hi, Emily.

C:\WINDOWS\system32\hp100.tmp

That definitely means the SmitRem infection.  Emily, can you recall exactly what program wouldn't let you open S!Ri's SmitfraudFix?  We will need to find a way around that to get your system clean. 

I'll get the instructions together for you and be right back  :)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

#17
June 23, 2006, 10:44:18 PM
    Ok, Emily, here goes.  Please be sure to ask questions or let us know if you are having a problem.  If Avast or another security program asks if you shoudl run the SmitfraudFix, tell it YES:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. (See  ttp://www.beyondlogic.org/consulting/processutil/processutil.htm  )


PRINT or SAVE these instructions to text where you can access them in safe mode. 
Please follow the instructions in the order given.

INSTRUCTIONS:

A.  Download and/or update the following programs.  Install them but do NOT run them yet.

  • Download SmitfraudFix (© S!Ri) to your Desktop from http://siri.urz.free.fr/Fix/SmitfraudFix.zip .  Extract all the files to your Desktop and a folder named SmitfraudFix will be created on your Desktop.


  • Download CCleaner from Download CCleaner from this direct link:  http://www.ccleaner.com/downloadbin.asp?f=2
  • Download ewido AntiMalware.  It is a free version of the program.

    • Install ewido AntiMalware[list=a]
    • Launch ewido, there will be a large yellow [size=18]e[/size] icon on your desktop, double-click it.
    • The program will prompt you to update.  Click the OK button.
    • The program will now open to the main screen
    • On the left-hand side of the main screen, click on Update
    • Click on Start. The update will start and a progress bar will show the updates being installed.
    • When complete, the status bar at the bottom will display "Update successful".
  • Do not scan yet.
  • If you have problems with the updater, you can use this link to manually update Ewido --   Ewido manual updates
[/list]

B.  Restart your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Login on your usual account.
    If you need further assistance with Safe Mode, see Symantec
C.  Open the SmitfraudFix folder

  • Double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
    Warning : running option #2 on a uninfected computer will remove your Desktop background.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry?"

    • Answer Yes by typing Y
    • Hit Enter.

  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.

    • Answer Yes to the question "Replace infected file?" by typing Y
    • Hit Enter.
  • A reboot may be needed to finish the cleaning process.  If your computer does not restart automatically please do it yourself manually.
  • Restart in Safe Mode as instructed above.
  • The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
D. Clean Temporary Internet files with CCleaner as follows:

  • Close all open programs, including Internet Explorer, Fire Fox and any instances of Windows Explorer.
  • Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • To protect logon cookies that you wish to retain, under Options > Cookies.  Select and using the arrow move those cookies to the "Cookies to keep" column.
  • Then select the items you wish to clean up.

    • In the Windows Tab:

      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section except Windows Log Files.
    • In the Applications Tab:

      • Clean all in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Please UNcheck "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)
  • Click the "Run Cleaner" button and it will scan and clean your system.
  • Click exit.
E.  Run ewido:

  • Open ewido and click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress, you will be prompted to clean files, click OK
  • When prompted to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Checkmark the box:  *Create encrypted backup in the quarantine* (recommended).  Click OK.

  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop, or any other easily accessible location.
Now close ewido.

F.Restart in Normal Mode

G. Optional: To restore IE Trusted & Restricted Zone, open the SmitfraudFix folder

  • Double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter

    • Answer Yes to the question "Restore Trusted Zone ?" by typing Y
    • Hit Enter.
    Note: If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
H.  Double-click the HijackThis icon on your desktop.  Choose "Do a system scan and save logfile".  Include the logfile with your post.

I.  Create a topic of your own (or a reply if you have an existing topic) and post the following logs:

  • C:\rapport.txt
  • ewido log
  • HijackThis log
Please let us know if any problems persist.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

emilyw

#18
June 23, 2006, 10:48:42 PM
Thank you so much

I am going to give this a try!!  Wish me luck!!

Corrine

#19
June 23, 2006, 10:54:25 PM
You can do it, Emily!!!  :rose: 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

winchester73

#20
June 23, 2006, 11:56:56 PM
You'll be fine.  We are scattered around the globe, so someone should be here to answer any questions within a reasonable amount of time.

Corrine's instructions should eliminate the rascal.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

emilyw

#21
June 24, 2006, 12:06:57 AM
I don't have ewido AntiMalware

How do I d/l this?? and what is it?

Corrine

#22
June 24, 2006, 12:34:34 AM
Sorry, Emily.  I must have removed the download link line when I was converting the instructions from Freedomlist to post here.  For some reason, the formatting gets messed up when going from phpBB software to SMF forum software.

I edited my post above to put it in the instructions in order. 

Oh, and ewido is an excellent antimalware software, includes trojans and more.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

emilyw

#23
June 24, 2006, 02:42:32 AM
Thanks ill do that now,  Had to take a break from this comp. and while I was gone no pop ups saying I have  trojan horse :D

so far so good

Corrine

#24
June 24, 2006, 11:40:37 AM
Great, we're making progress!  You'll get rid of it, don't worry. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

emilyw

#25
June 24, 2006, 09:48:23 PM
Thank you very much!! So far nothing has popped up in almost a day  :)
Okay here are the logs!!
Take your time and let me know how it appears!!

SmitFraudFix v2.62

Scan done at 19:21:37.92, 23/06/2006
Run from C:\Documents and Settings\Emily\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{05a91164-3c96-47d6-aa74-2c855791b2d0}"="incaged"

[HKEY_CLASSES_ROOT\CLSID\{05a91164-3c96-47d6-aa74-2c855791b2d0}\InProcServer32]
@="C:\WINDOWS\system32\ofcukiz.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{05a91164-3c96-47d6-aa74-2c855791b2d0}\InProcServer32]
@="C:\WINDOWS\system32\ofcukiz.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\Emily\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\MalwareWipe\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\ofcukiz.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at:   11:39:16 PM 23/06/2006

+ Scan result:   



HKLM\SOFTWARE\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\ADM -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\Dashboard\Setup -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\Dashboard\Temp Internet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\DownloadManager -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\LocalFiles -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\TopSearch -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Adware.Downloadware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Hotbar.HbTravelCompareBar -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Hotbar.HbTravelCompareBar.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Hotbar.HbTravelCompareBar\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Hotbar.HbTravelCompareBar\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1538417202-3207847200-972506294-1006\Software\Updater -> Adware.KeenValue : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_80.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP1166\A0059913.exe -> Downloader.Zlob.th : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 11:42:31 PM, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4790/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe




Corrine

#26
June 25, 2006, 12:05:28 AM
Fantastic, Emily!!!  Great job.  Now to clean up the remnant:

Scan with HijackThis, select the following and click "fix checked"

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp (file missing)

See this thread about updating Sun Java:  http://www.landzdown.com/index.php?topic=7887.0 .  For additional information on protecting your PC, please see Tony Klein's "So how did I get infected in the first place?" for important tips on how to prevent future infections.  There is also a lot of helpful information in "Mitch's Good Stuff" linked from here.

Install and update both SpywareBlaster & SpyGuard to prevent the installation of spyware and other potentially unwanted software:

SpywareBlaster -- http://www.javacoolsoftware.com/spywareblaster.html 
SpywareGuard --  http://www.javacoolsoftware.com/spywareguard.html 

If you use Internet Explorer, IE-Spyad will add thousands of sites into your IE restricted zone:  http://www.spywarewarrior.com/uiuc/resource.htm

Another useful program is StartupMonitor, which will warn you when somethings tries to sneak in:  http://www.mlin.net/StartupMonitor.shtml

Regards,


Corrine :rose:



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

emilyw

#27
June 25, 2006, 10:57:28 PM
Thank you very much!!

You were very helpful and now my computer is free from that stupid trojan!!

:thumbsup:

Corrine

#28
June 25, 2006, 11:48:19 PM
You're very welcome.  I'm glad we were able to assist.

Now that you're a member here, feel free to stick around, check the Lounge, see the jokes forum, subscribe to an update thread.  :)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

zoduVIE

#29
July 09, 2006, 08:22:23 AM
Hi !

I have the same problem with the Zlob-BN(trj) i have downloded the HijackThis ande here is the report i have become !

Pleace hallp me to remove this Zlob-BN.

Logfile of HijackThis v1.99.1
Scan saved at 10:33:47, on 09.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\pupxpman.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CursorXP\CursorXP.exe
C:\Programme\NoAds\NoAds.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programme\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
C:\Programme\Second Nature\Snsicon.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Avant Browser\avant.exe
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gayromeo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von chello broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\pupxpman.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NoAds] "C:\Programme\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule.de\emule.exe -AutoStart
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Zoran\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Internet Keyboard.lnk = ?
O4 - Global Startup: Snsicon.lnk = C:\Programme\Second Nature\Snsicon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://c:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Blokiraj sve slike sa istog servera - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj na AD Crnu Listu - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: In neuem Avant Browser öffnen - C:\Programme\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Najtraženiji - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Otvori sve linkove na ovoj stranici... - C:\Programme\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Traži - C:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .m3u: C:\Programme\Internet Explorer\PLUGINS\npqtplugin7.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.chello.at/
O16 - DPF: ConferenceRoom Java Client - http://chat.rainbow.or.at/java/cr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/de/win/QuickTimeFullInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126213112562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: bw+0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {104F9980-4F70-4364-A43B-F1D93AE60AB7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVP-SE - Unknown owner - C:\WINDOWS\System32\avp-32.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Print
Go Up Pages 1 2 3
User actions