HELP, THANKS!!! Trojan.Win32.BHO.g

Discussion in 'Viruses and malware - HijackThis logs' started by GoldenFIN, Dec 7, 2006.

  1. GoldenFIN

    So I've spotted this kind of virus on my computer. It has also shown up under slightly different names, but the beginning is always the same, namely that Trojan.Win32.BHO.

    Here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:25:14, on 7.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jussi\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0208A39D-A2A2-1302-5851-03F94ACDDB33} - C:\WINDOWS\system32\ludstge.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\aemfvtbq.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {8D3F41BD-F868-42CB-8EDF-111C2A100CCE} - C:\WINDOWS\repair\ajvapa.dll
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [rflukel.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rflukel.dll,xlmhpm
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\windows\svchost.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune3.6.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136834978437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163533425484
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
    O18 - Protocol: bw+0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ajvapa - C:\WINDOWS\repair\ajvapa.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    Thank you kindly in advance! :)
    Best regards, Jussi Mylläri
     
  2. -kemisti-

    It also goes by the name Vundo :)

    Fix these:

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0208A39D-A2A2-1302-5851-03F94ACDDB33} - C:\WINDOWS\system32\ludstge.dll (file missing)
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\aemfvtbq.dll (file missing)
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
    O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
    O4 - HKLM\..\Run: [rflukel.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rflukel.dll,xlmhpm
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)


    Download VundoFix.exe to your desktop.
    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo option.
    * When the scan is finished, right-click inside the list box (the white box where the found files are listed) and choose Add more files.
    * Copy and paste the following 2 lines into the top two boxes:
      C:\WINDOWS\repair\ajvapa.dll
      C:\WINDOWS\repair\apavja.*
    * Click Add Files and then click Close Window.
    * When the scan is finished, click the Remove Vundo option.
    * You will be asked whether you want to remove the files - click YES.
    * Once you have clicked YES, your desktop will go blank as it starts removing Vundo.
    * When it is done, the fix will tell you it is going to restart your computer; click OK.
    * Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears during the restart.
     
    Last edited: Dec 7, 2006
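
Added example (not part of the thread, and not code from VundoFix or HijackThis): a Python cross-check of the two logs requested above. It lists the files VundoFix reports as "Could not be deleted" and the HijackThis entries that still reference them; the sample logs are constructed excerpts in the format quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, in the format of the VundoFix log quoted in this
# thread (paths taken from the thread, log shortened).
VUNDOFIX_LOG = r"""
VundoFix V6.2.13

Listing files found while scanning....

C:\WINDOWS\system32\tjhaqokj.exe
C:\WINDOWS\repair\ajvapa.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tjhaqokj.exe
C:\WINDOWS\system32\tjhaqokj.exe Has been deleted!

Attempting to delete C:\WINDOWS\repair\ajvapa.dll
C:\WINDOWS\repair\ajvapa.dll Could not be deleted.
"""

# Constructed sample input, in the format of the HijackThis log quoted in this
# thread (entries taken from the thread, log shortened).
HIJACKTHIS_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8D3F41BD-F868-42CB-8EDF-111C2A100CCE} - C:\WINDOWS\repair\ajvapa.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O20 - Winlogon Notify: ajvapa - C:\WINDOWS\repair\ajvapa.dll
"""

# "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Has been deleted!|Could not be deleted\.)$"
)
# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..." or "R1 - HKCU\..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def vundofix_results(log):
    """Return {path: True if deleted, False if not}.

    When a path is attempted more than once, the last result in the log wins.
    """
    results = {}
    for line in log.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("path")] = m.group("status").startswith("Has")
    return results


def hijackthis_entries(log):
    """Return the (code, body) pairs of the R*/O* entries in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def surviving_references(vundofix_log, hijackthis_log):
    """Map each file VundoFix could not delete to the HijackThis entries naming it.

    Windows paths are compared case-insensitively. 8.3 short names such as
    C:\\PROGRA~1 are not expanded, so a reference written that way is missed.
    """
    failed = [p for p, ok in vundofix_results(vundofix_log).items() if not ok]
    entries = hijackthis_entries(hijackthis_log)
    report = {}
    for path in failed:
        needle = path.lower()
        report[path] = [
            f"{code} - {body}" for code, body in entries if needle in body.lower()
        ]
    return report


if __name__ == "__main__":
    for path, hits in surviving_references(VUNDOFIX_LOG, HIJACKTHIS_LOG).items():
        print(f"not deleted: {path}")
        for hit in hits:
            print(f"  still referenced by: {hit}")
```
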
  3. GoldenFIN

    Thanks a lot for the precise, good instructions, let's see how it goes.
    Here's the VundoFix log:

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:02:22 7.12.2006

    Listing files found while scanning....

    C:\WINDOWS\system32\tjhaqokj.exe
    C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\apavja.ini
    C:\WINDOWS\repair\apavja.bak1
    C:\WINDOWS\repair\apavja.bak2
    C:\WINDOWS\repair\apavja.ini2
    C:\WINDOWS\repair\apavja.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\tjhaqokj.exe
    C:\WINDOWS\system32\tjhaqokj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\ajvapa.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\repair\apavja.ini
    C:\WINDOWS\repair\apavja.ini Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.bak1
    C:\WINDOWS\repair\apavja.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.bak2
    C:\WINDOWS\repair\apavja.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.ini2
    C:\WINDOWS\repair\apavja.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.tmp
    C:\WINDOWS\repair\apavja.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\ajvapa.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:18:47 7.12.2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...




    And here's the current HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:23:43, on 8.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jussi\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0208A39D-A2A2-1302-5851-03F94ACDDB33} - C:\WINDOWS\system32\ludstge.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1BB6587F-5D63-47B2-8F00-86AE8F47A534} - C:\WINDOWS\repair\ajvapa.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\aemfvtbq.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [rflukel.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rflukel.dll,xlmhpm
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\windows\svchost.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune3.6.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136834978437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163533425484
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
    O18 - Protocol: bw+0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ajvapa - C:\WINDOWS\repair\ajvapa.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Regards, Jussi
     
  4. -kemisti-

    -kemisti- Active member

    More drastic measures are needed:

    Open HijackThis, click "Do a system scan only", check these entries and press "Fix checked":

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0208A39D-A2A2-1302-5851-03F94ACDDB33} - C:\WINDOWS\system32\ludstge.dll (file missing)
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\aemfvtbq.dll (file missing)
    O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
    O4 - HKLM\..\Run: [rflukel.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rflukel.dll,xlmhpm
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)



    1. Download The Avenger (c) to your desktop.
    - Click the Avenger.zip file to open it.
    - Extract Avenger.exe to your desktop.

    2. Copy all the text in the black quote box below into an empty Notepad document:


    Note: the script above was created specifically for this user. If you are not this person, DO NOT follow these instructions, as they could damage the way your computer works.


    3. Now open The Avenger by double-clicking its icon on your desktop.
    - Under "Script file to execute", select "Input Script Manually".
    - Now click the magnifying glass icon, which opens a new window called "View/edit script".
    - Paste the text you copied into Notepad into this window.
    - Click Done.
    - Now click the green light to start the script.
    - Click "Yes" when the two warning boxes appear.

    The Avenger will automatically do the following:
    - It restarts your computer. (In cases where the script contains a "Drivers to Unload" command, The Avenger restarts your computer twice.)
    - During the restart, it briefly opens a black command window on your desktop; this is normal.
    - After the restart, it creates a log file, which should open, with the results of The Avenger's actions. The path of this log file is C:\avenger.txt
    - The Avenger has also made a backup of all the files etc. that you asked it to delete, and has zipped and moved them into zip files at the path C:\avenger\backup.zip.

    5. Copy and paste the entire contents of avenger.txt into your reply, along with a fresh HJT log.

    Run VundoFix again.

    Post:

    - a new HJT log
    - C:\avenger.txt
    - C:\vundofix.txt
     
    Last edited: Dec 7, 2006
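The cross-check implied by the two logs and the fix list above, as an added example that is not part of the original thread: it lists the files VundoFix reported as "Could not be deleted", finds the HijackThis autostart entries that still load them, and checks a fix list against a later scan. The function names are made up for this example, the log excerpts are copied from the posts, and HJT_AFTER is a constructed scan, not the poster's real follow-up log.

```python
import re

# A HijackThis result line starts with a section code such as "O2" or "R3".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"
UNDELETED = "Could not be deleted."

def parse_entries(log_text):
    """Return HijackThis result lines as dicts; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append({"code": code, "body": body, "file_missing": missing})
    return entries

def entry_key(entry):
    # Compare on section code + body, ignoring case, spacing and the
    # "(file missing)" marker: the marker reflects the file on disk,
    # not whether the registry entry itself is still there.
    return (entry["code"], " ".join(entry["body"].split()).casefold())

def undeleted_files(vundofix_log):
    """Paths VundoFix reported as 'Could not be deleted.', de-duplicated in order."""
    found = []
    for line in vundofix_log.splitlines():
        line = line.strip()
        if line.endswith(UNDELETED):
            path = line[: -len(UNDELETED)].strip()
            if path.casefold() not in (p.casefold() for p in found):
                found.append(path)
    return found

def entries_referencing(entries, paths):
    """Autostart entries whose text still points at one of the given files."""
    wanted = [p.casefold() for p in paths]
    return [e for e in entries if any(p in e["body"].casefold() for p in wanted)]

def check_fix(fix_list_text, after_log_text):
    """Split the entries that were marked for fixing by whether a later scan still shows them."""
    after = {entry_key(e) for e in parse_entries(after_log_text)}
    result = {"removed": [], "still_present": []}
    for e in parse_entries(fix_list_text):
        bucket = "still_present" if entry_key(e) in after else "removed"
        result[bucket].append(f'{e["code"]} - {e["body"]}')
    return result

# Excerpt of the VundoFix log posted in the thread.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\tjhaqokj.exe
C:\WINDOWS\system32\tjhaqokj.exe Has been deleted!
Attempting to delete C:\WINDOWS\repair\ajvapa.dll
C:\WINDOWS\repair\ajvapa.dll Could not be deleted.
Attempting to delete C:\WINDOWS\repair\ajvapa.dll
C:\WINDOWS\repair\ajvapa.dll Could not be deleted.
"""

# Excerpt of the HijackThis log posted together with it.
HJT_BEFORE = r"""
O2 - BHO: (no name) - {0208A39D-A2A2-1302-5851-03F94ACDDB33} - C:\WINDOWS\system32\ludstge.dll (file missing)
O2 - BHO: (no name) - {1BB6587F-5D63-47B2-8F00-86AE8F47A534} - C:\WINDOWS\repair\ajvapa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
O20 - Winlogon Notify: ajvapa - C:\WINDOWS\repair\ajvapa.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
"""

# Excerpt of the entries the helper asked to have fixed.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0208A39D-A2A2-1302-5851-03F94ACDDB33} - C:\WINDOWS\system32\ludstge.dll (file missing)
O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
"""

# CONSTRUCTED follow-up scan for the demonstration: one fixed entry is
# deliberately left in place so that the check has something to report.
HJT_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [lDYn] C:\WINDOWS\mbiktjpr.exe
"""

if __name__ == "__main__":
    stuck = undeleted_files(VUNDOFIX_LOG)
    print("Files VundoFix could not delete:", stuck)
    for e in entries_referencing(parse_entries(HJT_BEFORE), stuck):
        print("  still loaded by:", e["code"], "-", e["body"])
    outcome = check_fix(FIX_LIST, HJT_AFTER)
    print("Removed:", len(outcome["removed"]))
    for line in outcome["still_present"]:
        print("Still present:", line)
```
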
  5. GoldenFIN

    GoldenFIN Regular member

    HJT log:


    Logfile of HijackThis v1.99.1
    Scan saved at 17:28:15, on 8.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jussi\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AB29EF33-C674-4FF1-B16C-767D60B6891C} - C:\WINDOWS\repair\ajvapa.dll (file missing)
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\windows\svchost.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune3.6.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136834978437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163533425484
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
    O18 - Protocol: bw+0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ajvapa - C:\WINDOWS\repair\ajvapa.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe





    Avenger.txt:


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\qvnutxsc

    *******************

    Script file located at: \??\C:\WINDOWS\bfpqammc.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\system32\tjhaqokj.exe not found!
    Deletion of file C:\WINDOWS\system32\tjhaqokj.exe failed!

    Could not process line:
    C:\WINDOWS\system32\tjhaqokj.exe
    Status: 0xc0000034

    File C:\WINDOWS\repair\ajvapa.dll deleted successfully.
    File C:\WINDOWS\repair\apavja.ini deleted successfully.
    File C:\WINDOWS\repair\apavja.bak1 deleted successfully.


    File C:\WINDOWS\repair\apavja.bak2 not found!
    Deletion of file C:\WINDOWS\repair\apavja.bak2 failed!

    Could not process line:
    C:\WINDOWS\repair\apavja.bak2
    Status: 0xc0000034



    File C:\WINDOWS\repair\apavja.ini2 not found!
    Deletion of file C:\WINDOWS\repair\apavja.ini2 failed!

    Could not process line:
    C:\WINDOWS\repair\apavja.ini2
    Status: 0xc0000034



    File C:\WINDOWS\repair\apavja.tmp not found!
    Deletion of file C:\WINDOWS\repair\apavja.tmp failed!

    Could not process line:
    C:\WINDOWS\repair\apavja.tmp
    Status: 0xc0000034



    File C:\WINDOWS\system32\rflukel.dll not found!
    Deletion of file C:\WINDOWS\system32\rflukel.dll failed!

    Could not process line:
    C:\WINDOWS\system32\rflukel.dll
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.





    Vundofix.txt:


    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:02:22 7.12.2006

    Listing files found while scanning....

    C:\WINDOWS\system32\tjhaqokj.exe
    C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\apavja.ini
    C:\WINDOWS\repair\apavja.bak1
    C:\WINDOWS\repair\apavja.bak2
    C:\WINDOWS\repair\apavja.ini2
    C:\WINDOWS\repair\apavja.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\tjhaqokj.exe
    C:\WINDOWS\system32\tjhaqokj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\ajvapa.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\repair\apavja.ini
    C:\WINDOWS\repair\apavja.ini Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.bak1
    C:\WINDOWS\repair\apavja.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.bak2
    C:\WINDOWS\repair\apavja.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.ini2
    C:\WINDOWS\repair\apavja.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.tmp
    C:\WINDOWS\repair\apavja.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\ajvapa.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:18:47 7.12.2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 16:57:49 8.12.2006

    Listing files found while scanning....

    C:\WINDOWS\repair\ajvapa.dll

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 17:14:04 8.12.2006

    Listing files found while scanning....



    Thanks!
    Jussi
     
  6. -kemisti-

    -kemisti- Active member

    Good :)

    Fix these:

    O2 - BHO: (no name) - {AB29EF33-C674-4FF1-B16C-767D60B6891C} - C:\WINDOWS\repair\ajvapa.dll (file missing)
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
    O20 - Winlogon Notify: ajvapa - C:\WINDOWS\repair\ajvapa.dll (file missing)


    Restart.

    Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update, and scan according to the instructions on that page. Then post the "orc results" here (the instructions are on that page: the bottom image and the text above it).

     
  7. GoldenFIN

    GoldenFIN Regular member

    ALRIGHT, now we got the orcs out into the daylight.. :D





    eScan Virus Log Information:

    Fri Dec 08 22:08:08 2006 => ***** Scanning complete. *****
    Fri Dec 08 22:08:08 2006 => Total Number of Files Scanned: 147973
    Fri Dec 08 22:08:08 2006 => Total Number of Virus(es) Found: 143
    Fri Dec 08 22:08:08 2006 => Total Number of Disinfected Files: 0
    Fri Dec 08 22:08:08 2006 => Total Number of Files Renamed: 3
    Fri Dec 08 22:08:08 2006 => Total Number of Deleted Files: 11
    Fri Dec 08 22:08:08 2006 => Total Number of Errors: 24
    Fri Dec 08 22:08:08 2006 => Time Elapsed: 02:13:04
    Fri Dec 08 22:08:08 2006 => Virus Database Date: 2006/12/08
    Fri Dec 08 22:08:08 2006 => Virus Database Count: 249275

    Fri Dec 08 22:08:08 2006 => Scan Completed.


    File C:\WINDOWS\system32\adnfxkww.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\adutxevv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\atbophfu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\axqrmnss.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\bpcqnlgr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\bvxvfefc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\cxgsjjbj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\dmpokweb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ektaxnyo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\evtselhs.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\exhshmxp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\fyvwmvyp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\gblfhyvm.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\glfvrsnw.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\hvjdjjqq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\idelqwxi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\irguahgp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\itpdidfs.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\jaewfvdg.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\jxojamuk.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\krrjcxdv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\lcqkwppe.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\lluufvak.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\llxwftos.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\lrtyoelc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\milnwwao.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\nbkskeem.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\nyqjowyi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ofeopapo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\oiaxkrsd.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\okaixybj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\omrtpuxn.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\pmgfrnql.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\pwngatel.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qdavygll.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qdvsejlf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qjghvoai.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qqkfundb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qxfexqvq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\rdnewbgx.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ruchwkad.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\saxuwbll.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\vaptipmr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\vhcppyyk.exe tagged as not-a-virus:AdWare.Win32.Searchcolor.a. No Action Taken.
    File C:\WINDOWS\system32\vnbxgoto.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\xkxymrth.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\xveuydge.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\yimsrkei.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ysrifjod.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\Documents and Settings\Jussi\Local Settings\Temp\dymufxhu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\Documents and Settings\Jussi\Local Settings\Temp\vjlgkkav.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\Documents and Settings\Jussi\Local Settings\Temp\win3EB.tmp.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\RECYCLER\S-1-5-21-842925246-1606980848-725345543-1005\Dc4.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\RECYCLER\S-1-5-21-842925246-1606980848-725345543-1005\Dc5.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP425\A0146125.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP425\A0146166.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP426\A0146223.0XE infected by "Trojan-Downloader.Win32.Zlob.aqj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP426\A0146245.0XE infected by "Trojan-Downloader.Win32.Zlob.aqj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP426\A0146257.0XE infected by "Trojan-Downloader.Win32.Zlob.aqj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP426\A0146277.0XE infected by "Trojan-Downloader.Win32.Zlob.aqj" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP428\A0151277.dll tagged as not-a-virus:AdWare.Win32.Searchcolor.a. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP436\A0153975.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP436\A0155056.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP437\A0155146.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP437\A0155216.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP437\A0155249.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP438\A0155298.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP438\A0155329.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP439\A0156327.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP439\A0157331.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP440\A0158331.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP440\A0158456.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP440\A0158502.0LL infected by "Trojan.Win32.BHO.g" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP440\A0160500.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP441\A0160588.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP441\A0160624.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP441\A0160838.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP442\A0160878.0XE infected by "Trojan-Proxy.Win32.Small.dt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP442\A0160879.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP442\A0160894.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ek. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP442\A0161899.0XE infected by "Trojan-Proxy.Win32.Small.dt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP442\A0161900.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP442\A0162018.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP443\A0162073.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP443\A0162118.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP444\A0162181.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP444\A0162207.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP447\A0163515.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP447\A0163582.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP447\A0163663.dll tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP456\A0170832.0LL infected by "Trojan.Win32.BHO.g" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP457\A0170841.0LL infected by "Trojan.Win32.BHo_O" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP458\A0173011.0LL infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{94AAD00B-AB7A-4D67-8F83-23686B0265F4}\RP458\A0173020.0LL infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\adnfxkww.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\adutxevv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\atbophfu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\axqrmnss.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\bpcqnlgr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\bvxvfefc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\cxgsjjbj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\dmpokweb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ektaxnyo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\evtselhs.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\exhshmxp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\fyvwmvyp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\gblfhyvm.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\glfvrsnw.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\hvjdjjqq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\idelqwxi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\irguahgp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\itpdidfs.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\jaewfvdg.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\jxojamuk.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\krrjcxdv.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\lcqkwppe.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\lluufvak.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\llxwftos.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\lrtyoelc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\milnwwao.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\nbkskeem.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\nyqjowyi.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ofeopapo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\oiaxkrsd.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\okaixybj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\omrtpuxn.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\pmgfrnql.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\pwngatel.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qdavygll.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qdvsejlf.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qjghvoai.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qqkfundb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\qxfexqvq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\rdnewbgx.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ruchwkad.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\saxuwbll.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\vaptipmr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\vhcppyyk.exe tagged as not-a-virus:AdWare.Win32.Searchcolor.a. No Action Taken.
    File C:\WINDOWS\system32\vnbxgoto.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\xkxymrth.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\xveuydge.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\yimsrkei.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\WINDOWS\system32\ysrifjod.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.

    Vundofix.txt:

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:02:22 7.12.2006

    Listing files found while scanning....

    C:\WINDOWS\system32\tjhaqokj.exe
    C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\apavja.ini
    C:\WINDOWS\repair\apavja.bak1
    C:\WINDOWS\repair\apavja.bak2
    C:\WINDOWS\repair\apavja.ini2
    C:\WINDOWS\repair\apavja.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\tjhaqokj.exe
    C:\WINDOWS\system32\tjhaqokj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\ajvapa.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\repair\apavja.ini
    C:\WINDOWS\repair\apavja.ini Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.bak1
    C:\WINDOWS\repair\apavja.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.bak2
    C:\WINDOWS\repair\apavja.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.ini2
    C:\WINDOWS\repair\apavja.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\apavja.tmp
    C:\WINDOWS\repair\apavja.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\repair\ajvapa.dll
    C:\WINDOWS\repair\ajvapa.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:18:47 7.12.2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 16:57:49 8.12.2006

    Listing files found while scanning....

    C:\WINDOWS\repair\ajvapa.dll

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 17:14:04 8.12.2006

    Listing files found while scanning....

    C:\WINDOWS\repair\ajvapa.dll

    Beginning removal...

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 22:16:41 8.12.2006

    Listing files found while scanning....

    No infected files were found.


    YAY!!! :D

    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:34:17, on 8.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Documents and Settings\Jussi\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune3.6.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136834978437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163533425484
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
    O18 - Protocol: bw+0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




    Yeah, this is starting to look a bit better now (?) :D
    Thanks!
    Jussi
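
Added example (not part of the original thread or of HijackThis): a small Python triage pass that collects the entries a HijackThis log itself marks as unresolved, such as `(file missing)` targets, the O10 missing-LSP notice, and startup shortcuts shown as `= ?`. The sample lines are copied from the logs posted in this thread; the rule set and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the HijackThis v1.99.1 logs posted in this thread.
SAMPLE_LOG = r"""
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - Global Startup: Color Calibration.lnk = ?
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

Finding = namedtuple("Finding", "section reason entry")

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def unresolved_reasons(section, body):
    """Return the reasons (possibly none) why an entry looks unresolved.

    These rules are an illustrative assumption, not HijackThis logic.
    """
    reasons = []
    if body.endswith("(file missing)"):
        # HijackThis appends this when the referenced file is not on disk.
        reasons.append("target file missing")
    if section == "O10" and "missing" in body:
        # Winsock LSP chain references a provider DLL that is gone.
        reasons.append("LSP provider missing")
    if section == "O4" and body.endswith("= ?"):
        # Startup-folder shortcut whose target could not be resolved.
        reasons.append("shortcut target unresolved")
    if body.endswith("\\"):
        # The entry stops at a folder and names no file to load.
        reasons.append("path names a directory, not a file")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and list the entries that need a second look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())  # tolerate forum indentation
        if not match:
            continue
        section, body = match.groups()
        for reason in unresolved_reasons(section, body):
            findings.append(Finding(section, reason, body))
    return findings


def count_by_section(findings):
    """Number of flagged entries per HijackThis section code."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<36} {f.entry}")
```

A flagged entry is a dangling reference to review during cleanup, not proof of infection.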
     
  8. -kemisti-

    Still some work to do :)

    Delete:



    Empty the Recycle Bin.

    1. Select My Computer (right-click).
    2. Select Properties.
    3. Select the System Restore tab.
    4. Select "Turn off System Restore".
    5. Click Apply.
    6. Click OK.
    7. Restart the computer.
    8. Repeat steps 1-3.
    9. Clear the check mark from "Turn off System Restore".
    10. Repeat steps 5 and 6.

    Scan again with eScan.

    Post the eScan results and a new HJT log.
     
    Last edited: Dec 9, 2006
  9. GoldenFIN

    Yes, everything went really well, except that I couldn't find these two:

    C:\Documents and Settings\Jussi\Local Settings\Temp\dymufxhu.exe
    C:\Documents and Settings\Jussi\Local Settings\Temp\vjlgkkav.exe

    I looked with my own eyes and with the search tool, but they didn't turn up. :S

    Here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:02:11, on 9.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jussi\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune3.6.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136834978437
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163533425484
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
    O18 - Protocol: bw+0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {11AF0174-1281-4356-AA5D-D282A0ECCAAE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Predixis\MusicMagic Mixer\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



    That eScan always takes two and a half hours, and right now I need the whole CPU for gaming :D so I'll post it here by tomorrow. It's probably the most important log here anyway, since that HJT one doesn't really help, but by tomorrow morning I'll post eScan's "orc results" here. :D
    Jussi
     
  10. GoldenFIN

    GoldenFIN Regular member

    Joined:
    Jun 12, 2006
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    26
    I've now rescanned this with eScan and nothing showed up in the "Virus Log Information" box. :) You asked me to send the log, and when I looked at it myself it turns out there are over 143,000 lines of files in it, so am I really supposed to post all of that here? :DD
    I checked the log to see what it had found in System 32, and there was still quite a lot of that adware crap there; here are a few examples:

    "File C:\WINDOWS\system32\bvxvfefc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken."

    and there were also ones like these:

    "ERROR!!! ScanFile fails for C:\WINDOWS\system32\dmcwndif.exe"


    "*** File C:\WINDOWS\system32\MRT.exe having Size Restriction ***"



    Then I scrolled down to Documents and settings\Jussi\Local settings\Temp, and it was pretty much the same crap there. There was quite a lot of that "having Size Restriction", I don't know what it means.. :D But Temp also had these damn "AdWare.Win32.Agent.at" spyware things, or whatever they are. Damn, the machine is completely full of that Win32 muck!! It's so &#¤&#¤&#¤ annoying!!! :D

    But yeah.. So should I post all 143 thousand lines here, or "just" :D the few thousand or few hundred lines for C:\Windows\System32\ AND C:\Documents and Settings\Jussi\Local Settings\Temp\ ?

    THANKS FOR THE HELP AND PATIENCE! :D
    Jussi
     
  11. GoldenFIN

    GoldenFIN Regular member

    Joined:
    Jun 12, 2006
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    26
    No wait, hold on!!! MISTAKE! :D
    Yeah, so I was looking at the eScan log and it still had the results of the first scan at the beginning! :D Yeah, I didn't notice that. Now that I look more closely at today's scan results, there's no trace of that AdWare.Win32.Agent.at at all. The only thing I found when I looked through them a bit was these:

    "Mon Dec 11 11:23:21 2006 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\dmcwndif.exe"

    Errors like that. Does it look like some kind of spyware? So the question now is whether I post the whole damn long log here, which no human could be bothered to read, or do I post System32 and Temp..? :DD

    Jussi
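
An added example, not part of the original posts: a small filter for the eScan log problem described above, keeping only the lines from one scan day and sorting them into the three line shapes quoted in the thread. The sample lines are constructed, and it is an assumption that every log line carries the same timestamp prefix as the single timestamped line quoted; the category names are hypothetical labels.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. The three message shapes are the ones quoted in the thread;
# the "=>" timestamp prefix on every line and the "Scanning" line are assumptions.
SAMPLE_LOG = r"""
Thu Dec 07 19:02:11 2006 => File C:\WINDOWS\system32\bvxvfefc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
Mon Dec 11 11:23:21 2006 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\dmcwndif.exe
Mon Dec 11 11:24:02 2006 => *** File C:\WINDOWS\system32\MRT.exe having Size Restriction ***
Mon Dec 11 11:24:05 2006 => Scanning C:\WINDOWS\system32\example.dll
"""

STAMP = re.compile(r"^(\w{3} \w{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => (.*)$")

# Category names are labels chosen for this example, not eScan terminology.
PATTERNS = {
    "detection": re.compile(
        r"^File (?P<path>.+?) tagged as (?P<name>.+?)\. (?P<action>.+)$"),
    "scan_error": re.compile(r"^ERROR!!! ScanFile fails for (?P<path>.+)$"),
    "size_restriction": re.compile(
        r"^\*\*\* File (?P<path>.+?) having Size Restriction \*\*\*$"),
}


def triage(log_text, scan_day):
    """Return {category: [(path, detection_name), ...]} for one scan day.

    scan_day is an ISO date string such as "2006-12-11". Lines stamped with
    any other day (results left over from an earlier scan) are dropped, as
    are lines that match none of the three shapes.
    """
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue  # blank or unstamped line
        when = datetime.strptime(stamped.group(1), "%a %b %d %H:%M:%S %Y")
        if when.date().isoformat() != scan_day:
            continue  # belongs to a different scan run
        for category, pattern in PATTERNS.items():
            hit = pattern.match(stamped.group(2))
            if hit:
                name = hit.groupdict().get("name", "")
                hits[category].append((hit.group("path"), name))
                break
    return dict(hits)


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG, "2006-12-11").items():
        for path, name in entries:
            print(category, path, name)
```

Run against the real log with the date of the latest scan, this reduces the 143,000 lines to the handful worth posting.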
     
  12. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Let's take one more look with this:

    * Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click drweb-cureit.exe and let it run the express scan
    * It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
    * When the scan is finished, mark the drives you want to scan.
    * Select all drives. A red dot shows which drives are selected.
    * Click the green arrow on the right and the scan starts.
    * Click 'Yes to all' if asked whether you want to delete/move a file.
    * When the scan is finished, check whether you can click the next icon beside the files found: [IMG]
    * If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below:
    [IMG]
    This moves it to the %userprofile%\DoctorWeb\quarantine directory.
    * After this, click file in the Dr.Web CureIt menu and select save report list
    * Save the report to the desktop. The report is named DrWeb.csv
    * Close Dr.Web CureIt.
    * Restart the computer !! This is because files in use are deleted/moved at startup.
    * After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
     
  13. GoldenFIN

    GoldenFIN Regular member

    Joined:
    Jun 12, 2006
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    26
    Yeah, so Dr.Web did a really commendable job finding that Scheisse in there! :D There were 49 virus files of some sort that it found.


    DrWeb.csv:

    ErrorSafeFreeInstall_fi[1].exe;C:\Documents and Settings\Jarmo\Local Settings\Temporary Internet Files\Content.IE5\DEXK41ET;Trojan.DownLoader.10449;Deleted.;
    dvkrkvcj.exe;C:\Documents and Settings\Jussi\Local Settings\Temp;Adware.TopSearch;Incurable.Moved.;

    I wonder why this report only has these two when 49 were found? :D
    Thanks!
     
  14. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hard to say. Any problems left?
     
  15. GoldenFIN

    GoldenFIN Regular member

    Joined:
    Jun 12, 2006
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    26
    Well, no real problems have shown up, though junk mail is still absolutely pouring in! Over 20 spam messages in one day :/ Tonight I could do a manual full scan of the machine with F-Secure and see whether it finds anything, since before it always found those same critters; there was always some "Undefined" one back then, and that it had changed its name or something.. I'll report tomorrow how it looks! :)
    Thanks!
    Jussi
     
  16. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Getting spam doesn't depend on viruses, but on where your e-mail address is exposed :) If it's on some page in so-called clickable form, some spambot will certainly grab it from there.
     
  17. GoldenFIN

    GoldenFIN Regular member

    Joined:
    Jun 12, 2006
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    26
    No, it's just that I read something back when there were those viruses and other crap on the machine: F-Secure reported that such-and-such had been found here and there, and it showed the name of the virus or whatever it was, so I copied that into Google and looked it up, and it was something that sends the same kind of spam messages, where the sender's name is always some first and last name so that it looks like a personal message from a real person.. well, in any case, this is what F-Secure reported:



    Tarkistusraportti
    16. joulukuuta 2006 11:26:24 - 14:01:15

    Tietokoneen nimi: JUSSIN-KONE
    Tarkistustyyppi: Suorita tietokoneen täysi tarkistus
    Kohde: C:\ D:\ + järjestelmän rekisteri + rootkit-ohjelmat
    Tulos: Haittaohjelmia löytyi 1
    Adware.MyToolbar (Undefined)

    * REGKEY:HKCR\interface\{c6f2214e-0b54-45a9-b90d-7dd4ba45ed0b}
    Toiminto: eristetty

    Tilastot
    Tarkistettuja:

    * Tiedostot: 338068
    * Järjestelmän rekisteri: 8929
    * Tarkistamatta: 345

    Tulos:

    * Virukset: 0
    * Vakoiluohjelmat: 1
    * Epäilyttävät kohteet: 0

    Toiminnot:

    * Puhdistettuja: 0
    * Uudelleennimettyjä: 0
    * Poistettuja: 0
    * Eristettyjä: 1
    * Epäonnistunut: 0

    Käynnistyssektorit:

    * Tarkistettuja: 1
    * Tartuntoja: 0
    * Epäilyttävät kohteet: 0
    * Puhdistettuja: 0


    Well, it's quarantined now, but I don't think that will help at all.. It'll probably come back as soon as the machine is restarted, or I don't know.
    I could scan again some day with eScan and Dr.Web and post the logs here.
    Greetz Jussi
     