A friend's HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:03, on 13.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna 
Nettiturva\Anti-Virus\fsav32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://saunalahti.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.dnainternet.net:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dnainternet.net;*.fi;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - 
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 
'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.jippii.fi/ O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - 
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127810456269 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O18 - Protocol: bw+0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {C074E836-B6A0-4232-B8E3-AA6149E5FA47} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD 
Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 22449 bytes

Thanks in advance!
1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Restart the computer if asked to, and post the contents of the combofix.txt file here.

---------------------------------------------------------------

Close the browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis, run Scan, check the following files listed in red and remove them (Fix checked).

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
* Replace Logitech Desktop Messenger with some healthier Desktop.
* Google Desktop is quite good.
Here's the ComboFix log:

ComboFix 08-10-11.04 - Petri Juutinen 2008-10-16 21:00:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.431 [GMT 3:00]
Sijainti: C:\Documents and Settings\Petri Juutinen\Työpöytä\jotai\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Documents and Settings\Petri Juutinen\Työpöytä\CFScript.txt
* Uusi palautuspiste luotu
* Resident AV is active

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Petri Juutinen\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Petri Juutinen\Local Settings\Temporary Internet Files\ijjistarter2.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Petri Juutinen\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\temp\perflib_perfdata_1cc.dat
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-16 to 2008-10-16 )))))))))))))))))
.
2008-10-15 18:35 . 2008-04-23 14:02 157,152 --a------ C:\WINDOWS\system32\PubPlugin.dll
2008-10-13 15:31 . 2008-10-13 15:32 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 15:31 . 2008-10-13 15:31 <KANSIO> d-------- C:\Documents and Settings\Petri Juutinen\Application Data\Malwarebytes
2008-10-13 15:31 . 2008-10-13 15:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 15:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 15:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 15:20 . 2008-10-13 15:20 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-10-08 18:35 . 
2008-10-08 18:35 <KANSIO> d-------- C:\ijji 2008-10-08 18:33 . 2008-10-08 18:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame 2008-10-03 17:49 . 2008-10-03 18:10 <KANSIO> d-------- C:\Program Files\Cheat Engine 2008-09-24 15:43 . 2008-09-24 15:43 268 --ah----- C:\sqmdata14.sqm 2008-09-24 15:43 . 2008-09-24 15:43 244 --ah----- C:\sqmnoopt13.sqm . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-16 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-16 17:34 --------- d-----w C:\Program Files\Logitech 2008-10-15 16:16 --------- d--h--w C:\Documents and Settings\Petri Juutinen\Application Data\ijjigame 2008-10-01 10:44 --------- d-----w C:\Program Files\EA Games 2008-09-28 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania 2008-09-21 07:39 --------- d-----w C:\Program Files\Steam 2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-14 13:38 --------- d-----w C:\Program Files\Microsoft Works 2008-09-12 06:25 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-09-10 15:56 --------- d-----w C:\Program Files\Windows Live 2008-09-10 15:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-10 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-28 12:28 --------- d-----w C:\Documents and Settings\Petri Juutinen\Application Data\LimeWire 2008-08-28 12:27 --------- d-----w C:\Program Files\LimeWire 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-28 08:03 74,752 ----a-w C:\WINDOWS\system32\msw3prt.dll 2008-08-28 08:03 104,960 ----a-w C:\WINDOWS\system32\win32spl.dll 2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-21 19:11 --------- d-----w C:\Program Files\Mopokorttikoulu 2008-08-14 13:46 2,182,656 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 
2008-08-14 13:46 2,060,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-07-30 13:56 95,711 ----a-w C:\WINDOWS\Mopokorttikoulu Uninstaller.exe 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2007-02-14 06:44 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ------- Sigcheck ------- 2004-09-15 15:00 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe 2001-10-09 15:00 75264 9c81030c5482b731ce388919fcd058b5 C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll 2004-09-15 15:00 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\system32\ws2_32.dll 2004-09-15 15:00 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\system32\winlogon.exe 2004-09-15 15:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys 2004-09-15 15:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2004-09-15 15:00 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\system32\services.exe 2004-09-15 15:00 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\system32\lsass.exe 2004-09-15 15:00 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\system32\ctfmon.exe 2005-06-11 03:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-09-15 15:00 57856 977db6827ad7c3eaa1f9e83a22483611 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe 2005-06-11 02:53 57856 
da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe 2004-09-15 15:00 24576 6484e1ecd8be4011d74fe68a761798fd C:\WINDOWS\system32\userinit.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 7110656] "F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" [2007-04-26 183208] "F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 740208] "News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 356352] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 86016] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184] "Gainward"="C:\WINDOWS\TBPanel.exe" [2002-04-26 3579904] "Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 C:\WINDOWS\LOGI_MWX.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-14 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.enc"= ITIG726.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All 
Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office Pikahaku.lnk] path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office Pikahaku.lnk backup=C:\WINDOWS\pss\Microsoft Office Pikahaku.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Status Monitor.lnk] path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Status Monitor.lnk backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] --------- 2005-05-17 17:42 933888 C:\Program Files\Brother\ControlCenter2\brctrcen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --------- 2004-09-07 16:25 1400944 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2005-03-17 14:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a------ 2004-10-08 12:06 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2004-09-22 17:10 1871872 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2005-03-17 14:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] --------- 2004-04-21 11:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-07-10 00:33 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-15 11:40 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2005-08-17 18:39 90112 C:\WINDOWS\soundman.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "PowerBar"= [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Steam\\steamapps\\ronzukka\\counter-strike\\hl.exe"= 
"C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\ijji\\ENGLISH\\u_gunz.exe"= "C:\\Program Files\\Steam\\steamapps\\ronzukka\\condition zero\\hl.exe"= "C:\\Program Files\\TmNationsForever\\TmForever.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 51072] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-02-13 41184] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 59760] S3 AIM_USBdriver;AIM USB Driver (v.10.01) VID=11CC;C:\WINDOWS\system32\Drivers\AIM_USBdrv10_01.sys [2004-09-30 24704] S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [ ] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 40048] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 25456] . 'Ajoitetut tehtävät'-kansion sisältö 2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13] . - - - - POISTETUT JÄMÄRIVIT - - - - HKLM-Run-Cmaudio - cmicnfg.cpl MSConfigStartUp-LDM - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-16 21:16:32 Windows 5.1.2600 Service Pack 2 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... ************************************************************************** . 
Valmistumisajankohta: 2008-10-16 21:26:09 ComboFix-quarantined-files.txt 2008-10-16 18:24:59 Ennen ajoa: 2,699,948,032 tavua vapaana Ajon jälkeen: 2,696,998,912 tavua vapaana 201 --- E O F --- 2008-10-15 16:43:20 =======================================================================

Here is the hjt log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:34:42, on 16.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\dna Nettiturva\Common\FSM32.EXE C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\TBPanel.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe C:\Program Files\dna Nettiturva\Common\FSMA32.EXE C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\dna Nettiturva\Common\FSMB32.EXE C:\Program Files\dna Nettiturva\Common\FCH32.EXE C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe C:\Program Files\dna
Nettiturva\FSAUA\program\fsus.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://saunalahti.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.dnainternet.net:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dnainternet.net;*.fi;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN 
Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.jippii.fi/ O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127810456269 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: 
BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 9306 bytes

For some reason the computer always crashes when it is started. On the next attempt it starts up without any complaint. So this happens at every startup. Is there some fix for the problem?
Everything is fine with the log. Cleaning the registry may help.

Download CCleaner from here

* During installation, remove the check mark from the item "install Yahoo! toolbar".
* After installation, open CCleaner.
* Select Options from the column on the left.
* Select Settings from the adjacent column.
* Under Language, select Suomi.

Cleaner (Puhdistaja)

* Select Puhdistaja from the column on the left.
* Press Tutki (Analyze) at the bottom.
* CCleaner now examines what can be removed (temp files, cookies, etc.).
* When the analysis is finished, press Aja CCleaner (Run CCleaner). CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors

* Select Virheet (Issues) from the column on the left.
* Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
* When the scan is finished and you are sure that you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
* You are asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup in, for example, the "Omat tiedostot" (My Documents) folder.
* In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
* You get one more confirmation prompt; press Ok.
* When the errors have been fixed, press Sulje (Close).
* You can now close CCleaner by pressing the red cross at the top right.

D: