virus msn plus 11
Dernière réponse : dans Sécurité
Hello
I have this problem to i have this #### virus too.
msn11plus.shizero.com ! this is the virus.
Please help me but speak english ore german please.
MY dollmeger can't speak france.
This virus write ever this """""check this out![:p]( ":p")
lol NEW MSN 11 PLUS! http://msn11plus.shizero.com !""""""
That's very ####![:D]( ":D")
![:D]( ":D")
thanks in advance
mfg Sascha
I have this problem to i have this #### virus too.
msn11plus.shizero.com ! this is the virus.
Please help me but speak english ore german please.
MY dollmeger can't speak france.
This virus write ever this """""check this out
lol NEW MSN 11 PLUS! http://msn11plus.shizero.com !""""""That's very ####
thanks in advance
mfg Sascha
Autres pages sur : virus msn
Lassé par la pub ? Créez un compte
Hi,
I can't speak German, so... I'll speak English.
Download HijackThis : http://www.infos-du-net.com/telecharger/HijackThis.html
Extract the file hijackthis.exe off his zip file, in a special folder (a folder that you create on the desktop for example).
Launch the file hijackthis.exe, in the menu, choose Do a system scan a save a logfile, and give us the scan result.
PS : sorry if my English is not very good... :-?
I can't speak German, so... I'll speak English.
Download HijackThis : http://www.infos-du-net.com/telecharger/HijackThis.html
Extract the file hijackthis.exe off his zip file, in a special folder (a folder that you create on the desktop for example).
Launch the file hijackthis.exe, in the menu, choose Do a system scan a save a logfile, and give us the scan result.
PS : sorry if my English is not very good... :-?
Thanks I understand that :-)
Logfile of HijackThis v1.99.1
Scan saved at 18:34:53, on 20.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Msn Plus\MsgPlus.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Msmsgsis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\LVComS.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\bwgo0001a40b.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jdiqzgzyiek.net/YyVAZwwpqV8ZPYR6Mr9o2rtr18AG...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://de.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_98.dll
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - D:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: (no name) - {B828540B-B5A9-A08F-F3B2-E3F4AD575F05} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O2 - BHO: (no name) - {E3EBA1AD-2877-A4D7-A58B-F8126982C7C9} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\de\msntb.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eDonkey2000] "C:\Programme\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\\Msn Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [mode memo kind bike] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\team slow mode memo\Hope Creative.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [SoapFourPlatformFace] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stopdrawsoapfour\Wipe Bat.exe
O4 - HKLM\..\Run: [BearShare] "D:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winspool] \winspool.exe
O4 - HKLM\..\Run: [Msmsgsis.exe] c:\Msmsgsis.exe
O4 - HKLM\..\RunServices: [winspool] \winspool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DictaNet EMail Recorder] C:\Programme\DictaNet\DNE.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [T-Online Messenger (TOM)] C:\Programme\T-Online\T-Online_Software_5\Messenger\TOM.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\\Msn Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [delete amen] C:\DOKUME~1\ADMINI~1\ANWEND~1\BAGSWA~1\Keepfree.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Startup: Screenshot Utility.lnk = C:\Programme\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Erfassen! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program files\Goto\Memoweb 3\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Diese Website erfassen - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program files\Goto\Memoweb 3\IEBtn\Launcher (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: bw+0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:34:53, on 20.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Msn Plus\MsgPlus.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Msmsgsis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\LVComS.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\bwgo0001a40b.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jdiqzgzyiek.net/YyVAZwwpqV8ZPYR6Mr9o2rtr18AG...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://de.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_98.dll
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - D:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: (no name) - {B828540B-B5A9-A08F-F3B2-E3F4AD575F05} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O2 - BHO: (no name) - {E3EBA1AD-2877-A4D7-A58B-F8126982C7C9} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\de\msntb.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eDonkey2000] "C:\Programme\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\\Msn Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [mode memo kind bike] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\team slow mode memo\Hope Creative.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [SoapFourPlatformFace] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stopdrawsoapfour\Wipe Bat.exe
O4 - HKLM\..\Run: [BearShare] "D:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winspool] \winspool.exe
O4 - HKLM\..\Run: [Msmsgsis.exe] c:\Msmsgsis.exe
O4 - HKLM\..\RunServices: [winspool] \winspool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DictaNet EMail Recorder] C:\Programme\DictaNet\DNE.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [T-Online Messenger (TOM)] C:\Programme\T-Online\T-Online_Software_5\Messenger\TOM.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\\Msn Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [delete amen] C:\DOKUME~1\ADMINI~1\ANWEND~1\BAGSWA~1\Keepfree.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Startup: Screenshot Utility.lnk = C:\Programme\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Erfassen! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program files\Goto\Memoweb 3\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Diese Website erfassen - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program files\Goto\Memoweb 3\IEBtn\Launcher (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: bw+0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F4F31CDC-27F9-4711-AA12-E8056C7A70C6} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Good evening,
0/ uninstall MessengerPlus! 3
later you will be able to reinstall it making sure that you do not have the SPONSOR option, that is an adware.
1/ uninstall the following programs if possible :
NewDotNet
MyWebSearch
2/ Download and install CCleaner
3/ Download LSPfix.exe
Quit Internet, stop all connexion
Run LSPfix
Check "I know what I"m doing".
Select newdotnet6_98.dll
Click the right-pointing "arrows" and move all instances of newdotnet6_98.dll and nothing else to the Remove side
(It might already be over there when you open lspfix.)
Click the "Finish" button.
4/ Next, please reboot your computer in SafeMode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode.
5/ Open HijackThis and click on "Do a System Scan Only". Check all the following entries, then click Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jdiqzgzyiek.net/YyVAZwwpqV8ZPYR6Mr9o2rtr18AG...
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_98.dll
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - D:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: (no name) - {B828540B-B5A9-A08F-F3B2-E3F4AD575F05} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O2 - BHO: (no name) - {E3EBA1AD-2877-A4D7-A58B-F8126982C7C9} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\de\msntb.dll (file missing)
O4 - HKLM\..\Run: [mode memo kind bike] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\team slow mode memo\Hope Creative.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winspool] \winspool.exe
O4 - HKLM\..\Run: [Msmsgsis.exe] c:\Msmsgsis.exe
O4 - HKLM\..\RunServices: [winspool] \winspool.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [delete amen] C:\DOKUME~1\ADMINI~1\ANWEND~1\BAGSWA~1\Keepfree.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE
6/ Enable the Hidden Files Option
open Windows Explorer, then clic on "Options", then "Folder Options"
* Scroll down to the Hidden Files and Folders section
* Select: "Show hidden files and folders"
* Uncheck: "Hide file extensions for known file types"
* Uncheck: " Hide protected operating system files"
* Ok the Prompt, click Apply, Ok
7/ then, delete the following files/folders if present :
C:\Programme\MyWebSearch\ --> the folder
C:\Programme\NewDotNet\ --> the folder
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OPENRE~1\ --> the folder begins with OPENRE...
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\BAGSWA~1\ --> the folder begins with BAGSWA...
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\team slow mode memo\ --> the folder
C:\Programme\winupdates\ --> the folder
winspool.exe --> the file is probably in C:\WINDOWS\system32\ or C:\WINDOWS\
C:\Msmsgsis.exe --> the file
C:\Programme\Save\ --> the folder
8/ Start Ccleaner and click "Run Cleaner"
9/ Restart Windows normally
If you"ve lost Internet access
run LSPfix
Check "I know what I"m doing"
Click the "Finished" button.
Restart Windows normally
10/ Post a new HijackThis log.
do you still have problems?
0/ uninstall MessengerPlus! 3
later you will be able to reinstall it making sure that you do not have the SPONSOR option, that is an adware.
1/ uninstall the following programs if possible :
NewDotNet
MyWebSearch
2/ Download and install CCleaner
3/ Download LSPfix.exe
Quit Internet, stop all connexion
Run LSPfix
Check "I know what I"m doing".
Select newdotnet6_98.dll
Click the right-pointing "arrows" and move all instances of newdotnet6_98.dll and nothing else to the Remove side
(It might already be over there when you open lspfix.)
Click the "Finish" button.
4/ Next, please reboot your computer in SafeMode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode.
5/ Open HijackThis and click on "Do a System Scan Only". Check all the following entries, then click Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jdiqzgzyiek.net/YyVAZwwpqV8ZPYR6Mr9o2rtr18AG...
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_98.dll
O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - D:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)
O2 - BHO: (no name) - {B828540B-B5A9-A08F-F3B2-E3F4AD575F05} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O2 - BHO: (no name) - {E3EBA1AD-2877-A4D7-A58B-F8126982C7C9} - C:\DOKUME~1\ADMINI~1\ANWEND~1\OPENRE~1\softwarebook.exe (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\de\msntb.dll (file missing)
O4 - HKLM\..\Run: [mode memo kind bike] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\team slow mode memo\Hope Creative.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [winupdates] C:\Programme\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winspool] \winspool.exe
O4 - HKLM\..\Run: [Msmsgsis.exe] c:\Msmsgsis.exe
O4 - HKLM\..\RunServices: [winspool] \winspool.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [delete amen] C:\DOKUME~1\ADMINI~1\ANWEND~1\BAGSWA~1\Keepfree.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\5.bin\MWSOEMON.EXE
6/ Enable the Hidden Files Option
open Windows Explorer, then clic on "Options", then "Folder Options"
* Scroll down to the Hidden Files and Folders section
* Select: "Show hidden files and folders"
* Uncheck: "Hide file extensions for known file types"
* Uncheck: " Hide protected operating system files"
* Ok the Prompt, click Apply, Ok
7/ then, delete the following files/folders if present :
C:\Programme\MyWebSearch\ --> the folder
C:\Programme\NewDotNet\ --> the folder
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OPENRE~1\ --> the folder begins with OPENRE...
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\BAGSWA~1\ --> the folder begins with BAGSWA...
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\team slow mode memo\ --> the folder
C:\Programme\winupdates\ --> the folder
winspool.exe --> the file is probably in C:\WINDOWS\system32\ or C:\WINDOWS\
C:\Msmsgsis.exe --> the file
C:\Programme\Save\ --> the folder
8/ Start Ccleaner and click "Run Cleaner"
9/ Restart Windows normally
If you"ve lost Internet access
run LSPfix
Check "I know what I"m doing"
Click the "Finished" button.
Restart Windows normally
10/ Post a new HijackThis log.
do you still have problems?
Lassé par la pub ? Créez un compte
