'TurvaPC' -virus, lahtiko jo pois vai onko viela?

Kakkoskoneelle tuli tanaan pop-up mika mainosti turvaPC.com nimista sivua ja kuten naille sivuille olennaista, kun yritti sammuttaa selainta tuli ilmoitus "koneesi on saastunut, lataa turvaPC niin paaset siita eroon..." No en tietenkaan ladannut vaan katsoin taalta muutaman vanhemman (1, 2) turvaPC topicin ja katsoin niista ohjeita. Kokeilin laittaa koneen vikasietotilaan mutta jai vain valkoinen viiva vilkkumaan eika siis toiminut. Joten ajoin vain normaali tilassa SmitFraudFix:n, SDFix:n, NoLop:n, FixWareOut:n ja ComboFix:n. Sen jalkeen ajoin viela F-Securen online virus scannerin joka loysi viruksen nimelta Buzus (a.k.a MSN.COM), josta loysin tietoa "Upon execution, it copies itself as serena.exe in Windows System folder.". No sitten yritin etsia serena.exe:a koneelta --> ei loytynyt, yritin etsia myos MSN.COM jonka F-Secure sanoi sijaitsevan kansiossa C:\WINDOWS\, mutta ei loytynyt. Sitten kun katsoin koneen kaynnistyksessa kaynnistyvia ohjelmia, niin loysin sielta tuon MSN.COMin, joka siis kaynnistyi 'Windows Live Messengerina' koneen kaynnistyessa ja kysyi aina "Internetista ladatut ohjelmat saattavat sisaltaa viruksia, mutta ajetaanko ohjelma silti", (PS. ENKA tarkoita sita oikeaa mesea, silla se kaynnistyi normaalisti omana prosessinaan.) Tama MSN.COM oli siis jonkunlainen malware. Poistin sen kaynnistyneisyyksista joten se ei varmaankaan nay alla olevassa logissa enaan, mutta tama on siis mita olen nyt tehnyt itse ennen alla olevan login ottamista.

Eli lyhyesti, kuten otsikossakin, onko virus enaan hengissa? (kaynnistyksessa ei ainakaan tule enaan mitaan.)
Kiitos erittain paljon jos osaat mitenkaan auttaa!
--------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 22:08:51, on 27.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Documents and Settings\*****\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10D671B0-1254-4376-9348-590133D7B948} (InstallerAX Class) - http://foxmovies.a.content.maven.net/mvms/vfs/fox/foxmovies/live/install/installerAX.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bw+0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: maven-8110 - {5C7358F2-AFF2-4BB0-AC95-F6E59792D9BC} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: iifcbay - iifcbay.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\Julius\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

merkkaa hjt:lla paina fix checked, käynnistä kone uudestaan
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\Julius\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
---------------
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
-----------
Lataa MsnCleaner.zip

"Pura tiedosto työpöydälle, älä käytä sitä vielä.
"Käynnistä kone Vikasietotilaan
"Tuplaklikkaa MsnCleaner.exe
"Paina Analyze nappia.
"Jos löytyy tartuntoja, paina Deleted nappia.
"Käynnistä kone normaalisti ja lähetä C:\MsnCleaner.txt raportti viestiketjuusi.
----------
Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

 

ComboFix -log

ComboFix 08-03-26.3 - ***** 2008-03-28 12:54:48.2 - NTFSx86
Running from: C:\Documents and Settings\*****\Työpöytä\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-28 to 2008-03-28 )))))))))))))))))
.

2008-03-27 19:41 . 2008-03-27 19:41 <KANSIO> d-------- C:\Documents and Settings\*****\Application Data\Lavasoft
2008-03-27 17:57 . 2008-03-27 18:32 1,696 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-16 20:58 . 2008-03-16 20:58 <KANSIO> d-------- C:\Program Files\ToniArts
2008-03-16 13:56 . 2008-03-16 13:56 <KANSIO> d--h----- C:\fsaua.data

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-16 19:07 --------- d-----w C:\Program Files\Xfire
2008-03-16 19:07 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-16 12:41 --------- d-----w C:\Program Files\CCleaner
2008-03-16 12:30 --------- d-----w C:\Program Files\Nokia
2008-03-16 12:30 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-16 12:25 --------- d-----w C:\Program Files\InterActual
2008-02-05 16:40 --------- d-----w C:\Documents and Settings\*****\Application Data\TERMINAL Studio
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"LDM"="\Program\" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 08:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcbay]
iifcbay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 21:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA Games\\Need for Speed Underground 2\\SPEED2.EXE"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jull34\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jull34\\half-life 2 deathmatch\\hl2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

*Newly Created Service* - ENTDRV51
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 12:57:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-28 12:58:41
ComboFix-quarantined-files.txt 2008-03-28 10:58:38
Pre-Run: 28,792,324,096 tavua vapaana
Post-Run: 28,781,502,464 tavua vapaana
.
2008-03-12 11:00:23 --- E O F ---



MSNCleaner -log-------------------------------------------------------

- Logfile MSNCleaner 1.2.6
- Created Logfile: 28.3.2008 on 13:10:51
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>



Uusi HjT -log----------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:20:58, on 28.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\*****\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10D671B0-1254-4376-9348-590133D7B948} (InstallerAX Class) - http://foxmovies.a.content.maven.net/mvms/vfs/fox/foxmovies/live/install/installerAX.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bw+0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: maven-8110 - {5C7358F2-AFF2-4BB0-AC95-F6E59792D9BC} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: iifcbay - iifcbay.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

Poista lisää poista sovelutuksesta

Logitech Desktop Messenger

scannaa hjt:llä merkkaa paina Fix checked

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O20 - Winlogon Notify: iifcbay - iifcbay.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

======

uusi hjt:n loki

 

Logitech desktop messengeria ei loytynyt mistaan 'poista' sovelluksesta joten poistin kansion 'delete'lla. Nyt HjT log on vain taynna (no file):ja



Logfile of HijackThis v1.99.1
Scan saved at 14:25:15, on 28.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\*****\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10D671B0-1254-4376-9348-590133D7B948} (InstallerAX Class) - http://foxmovies.a.content.maven.net/mvms/vfs/fox/foxmovies/live/install/installerAX.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bw+0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw+0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw-0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw-0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw00 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw00s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw10 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw10s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw20 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw20s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw30 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw30s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw40 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw40s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw50 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw50s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw60 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw60s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw70 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw70s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw80 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw80s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw90 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw90s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwa0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwa0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwb0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwb0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwc0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwc0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwd0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwd0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwe0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwe0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwf0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwf0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwg0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwh0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwh0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwi0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwi0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwj0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwj0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwk0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwk0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwl0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwl0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwm0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwm0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwn0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwn0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwo0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwo0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwp0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwp0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwq0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwq0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwr0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwr0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bws0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bws0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwt0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwt0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwu0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwu0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwv0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwv0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bww0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bww0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwx0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwx0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwy0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwy0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwz0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwz0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: maven-8110 - {5C7358F2-AFF2-4BB0-AC95-F6E59792D9BC} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKCU\..\Run: [LDM] \Program\
O18 - Protocol: bw+0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw+0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw-0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw-0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw00 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw00s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw10 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw10s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw20 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw20s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw30 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw30s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw40 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw40s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw50 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw50s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw60 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw60s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw70 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw70s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw80 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw80s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw90 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bw90s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwa0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwa0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwb0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwb0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwc0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwc0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwd0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwd0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwe0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwe0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwf0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwf0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwg0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwh0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwh0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwi0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwi0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwj0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwj0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwk0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwk0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwl0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwl0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwm0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwm0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwn0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwn0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwo0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwo0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwp0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwp0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwq0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwq0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwr0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwr0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bws0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bws0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwt0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwt0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwu0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwu0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwv0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwv0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bww0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bww0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwx0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwx0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwy0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwy0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwz0 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: bwz0s - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)
O18 - Protocol: maven-8110 - {5C7358F2-AFF2-4BB0-AC95-F6E59792D9BC} - (no file)
O18 - Protocol: offline-8876480 - {3C4FA43E-0F50-44B6-8136-2E1B147B7625} - (no file)

 

Ja se oli siina? Kiitos erittain paljon!!

tassa viela uusi log:

Logfile of HijackThis v1.99.1
Scan saved at 15:12:36, on 28.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\*****\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10D671B0-1254-4376-9348-590133D7B948} (InstallerAX Class) - http://foxmovies.a.content.maven.net/mvms/vfs/fox/foxmovies/live/install/installerAX.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:

3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u5

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

================

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

==============

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

==============

OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

 

Malwarebytes' Anti-Malware 1.09
Tietokantaversio: 559

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|G:\|)
Tarkistetut kohteet: 144819
Kulunut aika: 1 hour(s), 14 minute(s), 11 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

 

scannaa uusi hjt:n loki

 

Logfile of HijackThis v1.99.1
Scan saved at 18:20:34, on 28.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\*****\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10D671B0-1254-4376-9348-590133D7B948} (InstallerAX Class) - http://foxmovies.a.content.maven.net/mvms/vfs/fox/foxmovies/live/install/installerAX.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

ok ..

 

Kiitos avusta!

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:06, on 31.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Live\Perheturva\fssui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Riitta\Program Files\DNA\btdna.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Riitta\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/index.php?rvs=hompag&hl=fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Riitta\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Riitta\AppData\Local\Temp\byXNgeFv.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Riitta\AppData\Local\Temp\ljJYQGxv.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Riitta\AppData\Local\Temp\dkswjapx.dll",run
O4 - HKCU\..\Run: [BMa3465f14] Rundll32.exe "C:\Users\Riitta\AppData\Local\Temp\cnrkuqve.dll",s
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfi-fi.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10820 bytes