Messengeri virus + HooJiiTee-logi

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by tupla3, Jun 10, 2008.

  1. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    Eli minäkin onnistuin tuon mese viruksen koneelle hankkimaan viime viikolla. Kotikonsteilla (=tämän keskustelupalstan ohjeilla ja vinkeillä) sitä yrittänyt hävittää ja jotenkin onnistunutkin..

    Aluksi konetta käynnittäessä tuli .botteja ruutuun ja ja C:n juureen, ne oon saanu hävitettyä. Myös windowsin autom.päivitykset meni pois käytöstä eikä siihen pystyny vaikuttaa, mutta senkin sain sit lopulta kuntoon ohjeiden avulla. Lisäksi windows-kansioon tuli yhtä jos sun toista troijalaista..nekin kuoli erilaisilla torjuntaohjelmilla.

    Koneen oon käynyt läpi useampaan kertaan ainakin Avastilla, CCleanerilla, Ad-Awarella ja koneen omalla Nortonilla, ja enää noi ei juurikaan mitään ylimääräistä löydä..

    Ainut näkyvä haitta mikä viel esiintyy on aina uudelleen käynnistettäessä tuleva ilmoitus:
    "virhe ladattaessa C:\windows\system32\qhnbvrcp.dll "
    Tuon joko Avast tai Ad-aware pyyhki mennessään..

    Alla on hjt-logi..löytyykö siitä jotain häikkää? lisäksi kiinnostaisi miten sen käynnistyksen yhteydessä ilmestyvän virheilmoituksen saisi hävitettyä.
    Jahka joku asiantuntija kerkiäis vilkasta ja kommeintoida, niin suuresti arvostaisin!



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:28:06, on 10.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\UMonit.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Power Manager\PM.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
    O2 - BHO: (no name) - {4A7750C8-797B-4DE6-9009-61757B7E4167} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKLM\..\Run: [BMa354a9f9] Rundll32.exe "C:\WINDOWS\system32\qhnbvrcp.dll",s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O18 - Protocol: bw+0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: iifcDVmL - iifcDVmL.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 19867 bytes
     
    tupla3, Jun 10, 2008
    #1
  2. Hujo

    Hujo Guest

    1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
    combofix1
    combofix2

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
    Hujo, Jun 10, 2008
    #2
  3. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix 08-06-10.5 - JP 2008-06-11 17:34:38.1 - NTFSx86
    Running from: C:\Documents and Settings\JP\Omat tiedostot\Vastaanotetut tiedostot\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMa354a9f9.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\jsnrqred.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\ybHQAccf.ini
    C:\WINDOWS\system32\ybHQAccf.ini2

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-11 to 2008-06-11 )))))))))))))))))
    .

    2008-06-11 03:08 . 2008-06-11 03:09 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-06-11 00:26 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 00:26 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 01:20 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
    2008-06-06 01:19 . 2008-06-06 01:19 <KANSIO> d-------- C:\Program Files\IObit
    2008-06-05 18:23 . 2008-06-05 18:23 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-05 18:10 . 2008-06-05 18:10 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-06-05 18:10 . 2008-06-05 18:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-05 18:09 . 2008-06-05 18:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-05 17:57 . 2004-09-15 15:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
    2008-06-05 17:56 . 2004-09-15 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-06-05 17:56 . 2004-09-15 15:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
    2008-06-05 17:56 . 2004-09-15 15:00 315,452 --a--c--- C:\WINDOWS\system32\dllcache\imskf.dll
    2008-06-05 17:56 . 2004-09-15 15:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
    2008-06-05 17:56 . 2004-09-15 15:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
    2008-06-05 17:56 . 2004-09-15 15:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
    2008-06-03 23:33 . 2008-06-11 17:45 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
    2008-06-03 00:43 . 2008-06-03 00:44 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-06-02 22:30 . 2008-06-10 06:41 22 --a------ C:\WINDOWS\DC5177176.zip
    2008-06-02 21:05 . 2008-06-02 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-02 21:05 . 2008-06-02 21:05 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-05 21:18 --------- d-----w C:\Program Files\Google
    2008-06-05 18:48 --------- d-----w C:\Program Files\Common Files\Real
    2008-06-05 14:42 --------- d-----w C:\Program Files\Java
    2008-06-03 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-02 16:20 --------- d-----w C:\Program Files\DC++
    2008-05-29 13:38 --------- d-----w C:\Program Files\My music 1
    2008-05-22 19:03 --------- d-----w C:\Program Files\My music
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A7750C8-797B-4DE6-9009-61757B7E4167}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-12 00:09 32768]
    "Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [2008-04-22 17:01 2024200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
    "UMonit"="C:\WINDOWS\system32\UMonit.exe" [2005-08-25 14:48 237568]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
    "SMSERIAL"="sm56hlpr.exe" [2005-09-12 16:35 544768 C:\WINDOWS\sm56hlpr.exe]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-09-16 09:38 31744]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2006-01-05 07:58 489472]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 22:25 172032]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Windows svchost"="service.exe" []
    "BMa354a9f9"="C:\WINDOWS\system32\qhnbvrcp.dll" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcDVmL]
    iifcDVmL.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "msacm.avis"= ff_acm.acm
    "vidc.i263"= C:\WINDOWS\system32\i263_32.drv
    "msacm.imc"= C:\WINDOWS\system32\imc32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\Msmsgs.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16e429ba-0e1d-11dd-b4ed-0014a56dd8d6}]
    \Shell\AutoRun\command - F:\setup.exe AUTORUN=1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd1aeaea-d34a-11dc-b4a4-0014a56dd8d6}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    'Ajoitetut teht„v„t'-kansion sis„lt”
    "2008-06-05 15:27:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-11 17:42:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Norman\npm\bin\elogsvc.exe
    C:\Norman\npm\bin\Zanda.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Norman\NVC\Bin\Nip.exe
    C:\Norman\npm\bin\Njeeves.exe
    C:\Norman\NVC\Bin\Nvcsched.exe
    C:\Norman\NVC\Bin\Nvcoas.exe
    C:\Norman\NVC\Bin\CClaw.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-11 17:55:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-11 14:54:53

    Pre-Run: 23,416,307,712 tavua vapaana
    Post-Run: 23,373,262,848 tavua vapaana

    157 --- E O F --- 2008-06-11 00:18:04




    Eli tällainen oli tulos..mitkä ovat seuraavat liikkeet..?
     
    tupla3, Jun 11, 2008
    #3
  4. Hujo

    Hujo Guest

    Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

    Tallenna se nimellä CFScript.txt

    Sitten raahaa CFScript ComboFix.exeen kuten alla.
    [​IMG]

    Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

    ============

    scannaa hjt:llä merkkaa paina Fix checked

    O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
    O2 - BHO: (no name) - {4A7750C8-797B-4DE6-9009-61757B7E4167} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKLM\..\Run: [BMa354a9f9] Rundll32.exe "C:\WINDOWS\system32\qhnbvrcp.dll",s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O20 - Winlogon Notify: iifcDVmL - iifcDVmL.dll (file missing)
     
    Hujo, Jun 11, 2008
    #4
  5. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    Yllä olevat tehty..


    ComboFix 08-06-10.5 - 2008-06-11 19:04:07.2 - NTFSx86
    Running from: C:\Documents and Settings\JP\Omat tiedostot\Vastaanotetut tiedostot\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JP\Omat tiedostot\Vastaanotetut tiedostot\CFScript.txt.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\DC5177176.zip
    C:\WINDOWS\service.exe
    C:\WINDOWS\system32\qhnbvrcp.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\DC5177176.zip

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
    .

    2008-06-11 17:55 . 2008-06-11 17:55 <KANSIO> d-------- C:\Documents and Settings\JP
    2008-06-11 03:08 . 2008-06-11 03:09 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-06-11 00:26 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 00:26 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 01:20 . 2008-06-06 01:20 <KANSIO> d-------- C:\Documents and Settings\JP\Application Data\IObit
    2008-06-06 01:20 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
    2008-06-06 01:19 . 2008-06-06 01:19 <KANSIO> d-------- C:\Program Files\IObit
    2008-06-05 23:30 . 2008-06-06 00:03 <KANSIO> d-------- C:\Documents and Settings\JP\Application Data\RegClean
    2008-06-05 18:23 . 2008-06-05 18:23 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-05 18:10 . 2008-06-05 18:10 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-06-05 18:10 . 2008-06-05 18:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-05 18:09 . 2008-06-05 18:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-05 17:57 . 2004-09-15 15:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
    2008-06-05 17:56 . 2004-09-15 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-06-05 17:56 . 2004-09-15 15:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
    2008-06-05 17:56 . 2004-09-15 15:00 315,452 --a--c--- C:\WINDOWS\system32\dllcache\imskf.dll
    2008-06-05 17:56 . 2004-09-15 15:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
    2008-06-05 17:56 . 2004-09-15 15:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
    2008-06-05 17:56 . 2004-09-15 15:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
    2008-06-03 23:33 . 2008-06-11 17:45 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
    2008-06-03 00:43 . 2008-06-03 00:44 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-06-02 21:05 . 2008-06-02 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-02 21:05 . 2008-06-02 21:05 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-05 21:18 --------- d-----w C:\Program Files\Google
    2008-06-05 18:48 --------- d-----w C:\Program Files\Common Files\Real
    2008-06-05 14:42 --------- d-----w C:\Program Files\Java
    2008-06-03 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-02 16:20 --------- d-----w C:\Program Files\DC++
    2008-05-29 13:38 --------- d-----w C:\Program Files\My music 1
    2008-05-22 19:03 --------- d-----w C:\Program Files\My music
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A7750C8-797B-4DE6-9009-61757B7E4167}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-12 00:09 32768]
    "Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [2008-04-22 17:01 2024200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
    "UMonit"="C:\WINDOWS\system32\UMonit.exe" [2005-08-25 14:48 237568]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
    "SMSERIAL"="sm56hlpr.exe" [2005-09-12 16:35 544768 C:\WINDOWS\sm56hlpr.exe]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-09-16 09:38 31744]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2006-01-05 07:58 489472]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 22:25 172032]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Windows svchost"="service.exe" []
    "BMa354a9f9"="C:\WINDOWS\system32\qhnbvrcp.dll" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-12 00:09:09 450560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcDVmL]
    iifcDVmL.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "msacm.avis"= ff_acm.acm
    "vidc.i263"= C:\WINDOWS\system32\i263_32.drv
    "msacm.imc"= C:\WINDOWS\system32\imc32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\Msmsgs.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
    R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-07-28 11:53]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
    S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2005-08-17 20:25]
    S3 NCBULK;NetChip USB client driver;C:\WINDOWS\system32\drivers\NcBulk.sys [2005-06-01 05:46]
    S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
    S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
    S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
    S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16e429ba-0e1d-11dd-b4ed-0014a56dd8d6}]
    \Shell\AutoRun\command - F:\setup.exe AUTORUN=1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd1aeaea-d34a-11dc-b4a4-0014a56dd8d6}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-05 15:27:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-11 19:11:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-11 19:14:06
    ComboFix-quarantined-files.txt 2008-06-11 16:14:01
    ComboFix2.txt 2008-06-11 14:55:37

    Pre-Run: 23,371,890,688 tavua vapaana
    Post-Run: 23,363,354,624 tavua vapaana

    157 --- E O F --- 2008-06-11 00:18:04





    Käynnistin koneen uudelleen noiden toimenpiteiden jälkeen ja ainakin se aikaisempi virheilmoitus oli kadonnut!
    Laitan vielä tuoreimman hjt-loginkin..


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:41:28, on 11.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\UMonit.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Power Manager\PM.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O18 - Protocol: bw+0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 19413 bytes
     
    tupla3, Jun 11, 2008
    #5
  6. Hujo

    Hujo Guest

    Poista lisää poista sovelutuksesta

    Logitech Desktop Messenger

    ==============

    Lataa Malwarebytes' Anti-Malware työpöydällesi.

    1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
    2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
    Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
    3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
    4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
    5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
    6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
    7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
    löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    8. Lähetä lokin sisältö seuraavassa viestissäsi.
     
    Hujo, Jun 11, 2008
    #6
  7. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 848

    21:18:46 11.6.2008
    mbam-log-6-11-2008 (21-18-46).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 95278
    Kulunut aika: 55 minute(s), 8 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 3
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)




    Seuraavat toimenpiteet..?
     
    tupla3, Jun 11, 2008
    #7
  8. Hujo

    Hujo Guest

    scannaa uusi hjt:n loki
     
    Hujo, Jun 11, 2008
    #8
  9. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:43:40, on 11.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\UMonit.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Power Manager\PM.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7167 bytes
     
    tupla3, Jun 11, 2008
    #9
  10. Hujo

    Hujo Guest

    kunnossa kuinkas kone toimii
     
    Hujo, Jun 11, 2008
    #10
  11. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    Hyvä! Näyttäisi ja tuntuisi toimivan ihan normaalisti, tai jopa tehokkaammin kuin mitä ennen näitä siivous-episodeja, sillä tais siellä jotain aikaisempiakin pöpöjä olla ja turhia ohjelmia..

    Voiko nuo "ylimääräiset" torjunta/skannaus ohjelmat nyt poistaa koneelta ja voiko esim live messengerin asentaa uudestaan ilman pelkoa, että vielä levittäisin tai lähettäisin mesevirusta eteenpäin..?
     
    tupla3, Jun 11, 2008
    #11
  12. Hujo

    Hujo Guest

    Tätä älä poista Malwarebytes' Anti-Malware

    =================

    Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK

    ==================

    voihan sen mesen koneelle laittaa mutta ei pidä aukoa linkejä tai jotain lataus juttuja mitä mesen kautta tarjotaan sillä siellä voi sen kaverin kone olla saastunut ja taas on msn virus koneella jos aukaset
     
    Last edited by a moderator: Jun 11, 2008
    Hujo, Jun 11, 2008
    #12
  13. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    OK!

    Ajan vielä Nortonit ja Ad-awaret yön aikana läpi..
    Palaan asiaan jos vielä jotain probleemia esiin putkahtaa,
    vaikka nyt aika hyvältä jo näyttääkin..

    Tuhannet kiitokset avusta, vaivannäöstä ja vinkeistä!!

    Ja hyvää kesän jatkoa, toivottavasti ei mene koko kesää meidän tumpeloiden jelppimiseen..:)
     
    tupla3, Jun 11, 2008
    #13
  14. tupla3

    tupla3 Member

    Joined:
    Jun 10, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    Moi! muuten on kone toiminut hyvin ja mitään viruksia tai muita menninkäisiä ei enää ole löytynyt, mutta messengeriä uudelleen asennettaessa tulee vielä pieni ongelma johon asennus keskeytyy.

    Eli "Windows live-asennusongelma" -ikkuna ilmestyy ruutuun ja siinä lukee:

    "Tässä asennuksessa ilmeni ongelma.
    Järjestelmävirheen tiedot
    koodi: 0x8000ffff
    kuvaus: kriittinen virhe "

    Oisko tällaseen probleemaan vielä ohjetta tai vinkkiä..?
     
    tupla3, Jun 17, 2008
    #14

Share This Page