So, this kind of case. Norton found it, but couldn't do anything about it. You probably can. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 14:52:09, on 8.5.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
c:\winnt\system32\alert.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\winnt\system32\drivers\lssas.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\MSGSRVR.EXE
C:\WINNT\System32\UMonit2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\catroot\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\catroot\scvhost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.em-kone.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Config Loader] scvhosl.exe
O4 - HKLM\..\Run: [dllsys] C:\WINNT\dllsys.exe
O4 - HKLM\..\Run: [Microsoft Update] MSGSRVR.EXE
O4 - HKLM\..\Run: [Microsoft Office] c:\winnt\system32\telnet.bat
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\UMonit2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [Config Loader] scvhosl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSGSRVR.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF59C56E-12EC-4233-AB0C-B87ABFADACAA}: NameServer = 193.229.0.40,193.229.0.42
O18 - Protocol: bw+0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Msevent alerter - Unknown owner - c:\winnt\system32\alert.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FireDaemon Service: System (System) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: FireDaemon Service: winnt32 (winnt32) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
There is indeed a bit of this and that in there. Fix these with HjT (do a system scan only, tick them and press fix checked):

O4 - HKLM\..\Run: [Config Loader] scvhosl.exe
O4 - HKLM\..\Run: [dllsys] C:\WINNT\dllsys.exe
O4 - HKLM\..\Run: [Microsoft Update] MSGSRVR.EXE
O4 - HKLM\..\Run: [Microsoft Office] c:\winnt\system32\telnet.bat
O4 - HKLM\..\RunServices: [Config Loader] scvhosl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSGSRVR.EXE
O23 - Service: Msevent alerter - Unknown owner - c:\winnt\system32\alert.exe

Did you install that FireDaemon yourself? If not, fix these too:

O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: FireDaemon Service: System (System) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: FireDaemon Service: winnt32 (winnt32) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE

Then Start -> Run -> services.msc -> OK

Find these in the list:

Msevent alerter
FireDaemon Service: Secure (Secure)
FireDaemon Service: System (System)
FireDaemon Service: winnt32 (winnt32)
(the bottom three only if you had not installed FireDaemon yourself)

Double-click them, press Stop and set the startup type to Disabled.

Open HjT -> open misc tools -> delete nt service

Enter these one at a time and click OK:

Msevent alerter
Secure
System
winnt32
(the bottom three only if you had not installed FireDaemon yourself)

Download Blacklight from http://www.f-secure.com/blacklight/try.shtml and save it to your desktop. Double-click blbeta.exe, accept the agreement, click > Scan, then > Next.

You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be digits). Copy and paste this log into your next reply.

Do not choose the "Rename" option yet! We want to see the log first, because good files may be included, such as "wbemtest.exe".

Get, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Boot into Safe Mode (F8 during startup)

Delete, if found:

c:\winnt\system32\alert.exe
c:\winnt\system32\drivers\lssas.exe
C:\WINNT\system32\catroot\scvhost.exe
(C:\WINNT\system32\catroot\FireDaemon.EXE) (if you had not installed FireDaemon yourself)
c:\winnt\system32\telnet.bat
C:\WINNT\dllsys.exe
scvhosl.exe
MSGSRVR.EXE
(look for these with the Search function)

Scan with ewido, let it remove what it finds and save the report.

Reboot, then post the ewido and Blacklight reports and a new HjT log.
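Several of the files singled out in the reply above (lssas.exe, scvhost.exe, scvhosl.exe) have names one or two keystrokes away from real Windows binaries. The following is an added example, not part of the original thread and not a HijackThis feature: a sketch that scans HijackThis log text for such lookalike names. The allow-list of system binary names and the distance thresholds are assumptions chosen for illustration; the sample lines are copied from the first log in this thread.

```python
"""Flag executable names in a HijackThis log that imitate Windows system binaries."""
import re

# Assumption: a small illustrative allow-list of genuine Windows binary names.
# A name that matches one of these exactly is never flagged.
KNOWN_SYSTEM_BINARIES = (
    "smss", "csrss", "winlogon", "services", "lsass", "svchost",
    "spoolsv", "explorer", "iexplore", "rundll32", "userinit", "taskmgr",
)

# Matches the file-name part of any *.exe reference on a log line.
EXE_NAME = re.compile(r"([A-Za-z0-9_~-]+)\.exe\b", re.IGNORECASE)


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at cost 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ss a" <-> "s as" in lssas/lsass.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def impersonated_name(stem):
    """Return the system binary that `stem` resembles, or None."""
    stem = stem.lower()
    if stem in KNOWN_SYSTEM_BINARIES:
        return None  # exact match: the real name, not a lookalike
    best = None
    for known in KNOWN_SYSTEM_BINARIES:
        # Assumption: short names tolerate one edit, longer names two.
        limit = 1 if len(known) <= 5 else 2
        dist = osa_distance(stem, known)
        if dist <= limit and (best is None or dist < best[0]):
            best = (dist, known)
    return best[1] + ".exe" if best else None


def find_lookalikes(log_text):
    """Map each lookalike name to the binary it imitates and the
    1-based log lines on which it appears."""
    findings = {}
    for line_no, line in enumerate(log_text.splitlines(), 1):
        for stem in EXE_NAME.findall(line):
            target = impersonated_name(stem)
            if target is None:
                continue
            entry = findings.setdefault(
                stem.lower() + ".exe", {"imitates": target, "lines": []}
            )
            if line_no not in entry["lines"]:
                entry["lines"].append(line_no)
    return findings


# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
c:\winnt\system32\alert.exe
c:\winnt\system32\drivers\lssas.exe
C:\WINNT\system32\catroot\scvhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Config Loader] scvhosl.exe
O4 - HKLM\..\Run: [Microsoft Update] MSGSRVR.EXE
O4 - HKLM\..\RunServices: [Config Loader] scvhosl.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Msevent alerter - Unknown owner - c:\winnt\system32\alert.exe
"""

if __name__ == "__main__":
    for name, info in sorted(find_lookalikes(SAMPLE_LOG).items()):
        print(f"{name}: resembles {info['imitates']}, log lines {info['lines']}")
```

Name similarity covers only part of the list in the reply: alert.exe, MSGSRVR.EXE, dllsys.exe and telnet.bat do not resemble a system binary name and are not flagged by this check.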
The fixes should be done now. How does it look?

Logfile of HijackThis v1.99.1
Scan saved at 11:08:48, on 10.5.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\UMonit2k.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.em-kone.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\UMonit2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123838865953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF59C56E-12EC-4233-AB0C-B87ABFADACAA}: NameServer = 193.229.0.40,193.229.0.42
O18 - Protocol: bw+0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s -
{4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - 
{4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - Unknown 
owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:02:10, 10.5.2006
+ Report-Checksum: C4EAFC2F
+ Scan result:
C:\Documents and Settings\Arja\Cookies\arja@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-1844237615-839522115-1000\Dc4.exe -> Backdoor.Iroffer.1213.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-1844237615-839522115-1000\Dc5.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup
C:\WINNT\system32\CatRoot\info.exe -> Trojan.Logg : Cleaned with backup
::Report End

05/10/06 09:49:24 [Info]: BlackLight Engine 1.0.36 initialized
05/10/06 09:49:24 [Info]: OS: 5.0 build 2195 (Service Pack 4)
05/10/06 09:49:24 [Note]: 7019 4
05/10/06 09:49:24 [Note]: 7005 0
05/10/06 09:49:44 [Note]: 7006 0
05/10/06 09:49:44 [Note]: 7011 1116
05/10/06 09:49:44 [Note]: 7026 0
05/10/06 09:49:44 [Note]: 7026 0
05/10/06 09:49:48 [Note]: FSRAW library version 1.7.1015
05/10/06 09:50:43 [Note]: 2000 1006
05/10/06 09:50:43 [Note]: 2000 1006
05/10/06 09:51:20 [Note]: 7007 0
Looks good. There is one thing you need to do, though, because your machine had a password-stealing trojan on it:
C:\WINNT\system32\CatRoot\info.exe -> Trojan.Logg : Cleaned with backup
Change all your online passwords (e-mail, discussion forums), contact your online bank and your credit card company, and ask whether any misuse has taken place.
Thanks a lot for the help! I probably really do need to change the most important passwords. Oh, right. There is still one problem. Could you perhaps say something about it? When scanning, Norton AntiVirus says that 1 thingy is infecting and asks whether to fix it. When you say yes, this message comes up:
navw32.exe-aloituskohtaa ei löydy
proseduurin aloituskohtaa GetRawInputDeviceList ei löydy dynaamisesti linkitettävästä kirjastosta USER32.dll
When you click OK, a window comes up with text (abbreviated, roughly): Norton AV was unable to... Some NAV components are missing. Norton takes you to Symantec's site and offers an autofix that can't do anything. Then you are asked to send a message, which they promise to answer within 48 hours. If you keep following the reply, you get to answer a survey:
1. if you have a problem again, will you definitely contact us
2. if your friend has a problem, will you recommend us
After that, nothing happens.
Well, that's just it. It reports that 1 item is infecting... and then when you press scan or something like that, Norton gives that error message saying that some components are missing and the scan could not be performed. So I don't know what it might be.
Correction... 1 item is affecting.
- it offers the option "fix now"
- it starts fixing: "Fixin 1 item", and then immediately complains about that "navw32.exe-aloituskohtaa ei löydy"
That was also suggested on Norton's site, and we tried that too, but it didn't help. Oh well, it can't be helped. But the main thing is that the machine otherwise works fine now. Thanks once again!
You're welcome. If you like, you can still try removing Norton according to these instructions -> http://service1.symantec.com/SUPPOR...=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=ag and then reinstalling it afterwards.