Options
help needed to get rid of "troyan downloader agent"
greetings
my friend's comp is suffering from troyan downloader agent and formerly troyan dropper. we'r interested in how to get rid of the downloader one. which files can be involved?
thank u
Logfile of HijackThis v1.97.7
Scan saved at 17:29:40, on 07.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
C:\WINDOWS\System32\wdrk32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ABBYY Lingvo 9.0 English-Russian Dictionary\Lvagent.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xu\msnappau.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\winmon.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\windows\system32\sysvw32.exe
C:\windows\system32\dk.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\temp\salm.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\gcauthc\gcauthc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://gcnet.ru/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: (no name) -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) -
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-xu\msntb.dll
O3 - Toolbar: &Радио -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-xu\msntb.dll
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program
Files\ABBYY Lingvo 9.0 English-Russian
Dictionary\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-xu\msnappau.exe"
O4 - HKLM\..\Run: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Printer]
C:\windows\system32\sysvw32.exe
O4 - HKLM\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\Run: [Win32] C:\windows\system32\dk.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program
Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program
Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [zgbkb] C:\WINDOWS\zgbkb.exe
O4 - HKLM\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [gcauthc] C:\Program
Files\gcauthc\gcauthc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto
Switcher\ps.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program
Files\Logitech\Desktop
Messenger\8876480\Users\Sveta\NewVersion\setup-8876480.exe
-ReportOnly
O4 - HKCU\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk
= C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Экспорт в Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates -
file://C:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=29db7124dab575fb5ab91081ff35dbb3a4cb59fa1ae24866bf499a6dfe462d21eddcb1f74901340ab55ac11ba41d45980a6a692fc006fc1d4055e54a9a5c9c8176:d6c15ae94fdc069626c0bf101022b6a8
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006}
(CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AE0D4F6D-E524-476D-9BBD-9DBDB133288A}:
NameServer = 10.20.6.254
O18 - Protocol: bwh0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
my friend's comp is suffering from troyan downloader agent and formerly troyan dropper. we'r interested in how to get rid of the downloader one. which files can be involved?
thank u
Logfile of HijackThis v1.97.7
Scan saved at 17:29:40, on 07.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
C:\WINDOWS\System32\wdrk32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ABBYY Lingvo 9.0 English-Russian Dictionary\Lvagent.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xu\msnappau.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\winmon.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\windows\system32\sysvw32.exe
C:\windows\system32\dk.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\temp\salm.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\gcauthc\gcauthc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://gcnet.ru/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: (no name) -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) -
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-xu\msntb.dll
O3 - Toolbar: &Радио -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-xu\msntb.dll
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program
Files\ABBYY Lingvo 9.0 English-Russian
Dictionary\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-xu\msnappau.exe"
O4 - HKLM\..\Run: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Printer]
C:\windows\system32\sysvw32.exe
O4 - HKLM\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\Run: [Win32] C:\windows\system32\dk.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program
Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program
Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [zgbkb] C:\WINDOWS\zgbkb.exe
O4 - HKLM\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [gcauthc] C:\Program
Files\gcauthc\gcauthc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto
Switcher\ps.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program
Files\Logitech\Desktop
Messenger\8876480\Users\Sveta\NewVersion\setup-8876480.exe
-ReportOnly
O4 - HKCU\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk
= C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Экспорт в Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates -
file://C:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=29db7124dab575fb5ab91081ff35dbb3a4cb59fa1ae24866bf499a6dfe462d21eddcb1f74901340ab55ac11ba41d45980a6a692fc006fc1d4055e54a9a5c9c8176:d6c15ae94fdc069626c0bf101022b6a8
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006}
(CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AE0D4F6D-E524-476D-9BBD-9DBDB133288A}:
NameServer = 10.20.6.254
O18 - Protocol: bwh0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
0
Comments
O18 - Protocol: bwh0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -
{E22B6120-70F3-4836-8078-39257947E5A9} - C:\Program
Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Then find and delete BWPlugProtocol-8876480.dll, reboot and post a new log.
Logfile of HijackThis v1.97.7
Scan saved at 16:24:15, on 08.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpcc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpm.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ABBYY Lingvo 9.0 English-Russian
Dictionary\Lvagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpcc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\windows\system32\sysvw32.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\gcauthc\gcauthc.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program
Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\Documents and Settings\Sveta\Мои
документы\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.gcnet.ru/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: (no name) -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) -
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll (file
missing)
O2 - BHO: (no name) -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-xu\msntb.dll
(file missing)
O3 - Toolbar: &Радио -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-xu\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program
Files\ABBYY Lingvo 9.0 English-Russian
Dictionary\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [StatusClient] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Printer]
C:\windows\system32\sysvw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
Remover\Trjscan.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program
Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKCU\..\Run: [gcauthc] C:\Program
Files\gcauthc\gcauthc.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto
Switcher\ps.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Экспорт в Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=29db7124dab575fb5ab91081ff35dbb3a4cb59fa1ae24866bf499a6dfe462d21eddcb1f74901340ab55ac11ba41d45980a6a692fc006fc1d4055e54a9a5c9c8176:d6c15ae94fdc069626c0bf101022b6a8
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006}
(CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AE0D4F6D-E524-476D-9BBD-9DBDB133288A}:
NameServer = 10.20.6.254
thank u very much for help
Messenger\8876480\Program\BWPlugProtocol-8876480.dll) appeared on the list while scannin with upgraded hijack and were put to the ignore list again. though nothing related to the logitech exists on this comp any longer.
Logfile of HijackThis v1.98.2
Scan saved at 0:53:40, on 10.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpcc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpm.exe
C:\WINDOWS\System32\wdrk32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ABBYY Lingvo 9.0 English-Russian
Dictionary\Lvagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpcc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\windows\system32\sysvw32.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\gcauthc\gcauthc.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program
Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\winmon.exe
C:\Program Files\ICQ\Icq.exe
C:\Documents and Settings\Sveta\Local
Settings\Temp\Временная папка 1 для
hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.gcnet.ru/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:\Program Files\MSN
Apps\ST\01.02.3000.1002\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-xu\msntb.dll
(file missing)
O3 - Toolbar: &Радио -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-xu\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program
Files\ABBYY Lingvo 9.0 English-Russian
Dictionary\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [StatusClient] C:\Program
Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat
4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program
Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Printer]
C:\windows\system32\sysvw32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
Remover\Trjscan.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program
Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [gcauthc] C:\Program
Files\gcauthc\gcauthc.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto
Switcher\ps.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKCU\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Экспорт в Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro -
{6224f700-cba3-4071-b251-47cb894244cd} -
C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ -
{6224f700-cba3-4071-b251-47cb894244cd} -
C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=29db7124dab575fb5ab91081ff35dbb3a4cb59fa1ae24866bf499a6dfe462d21eddcb1f74901340ab55ac11ba41d45980a6a692fc006fc1d4055e54a9a5c9c8176:d6c15ae94fdc069626c0bf101022b6a8
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006}
(CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AE0D4F6D-E524-476D-9BBD-9DBDB133288A}:
NameServer = 10.20.6.254
thank u for help
Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKLM\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [gcauthc] C:\Program
Files\gcauthc\gcauthc.exe
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\RunServices: [Msn Plus Updater] msnplus.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKCU\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_f...6c0bf101022b6a8
Fix those entries then find and delete the files listed above, reboot and post a new log.