Viruksia koneessa/ kone hidas, hjt logi

muusu · Jan 14, 2006

Moi

Mä en osaa käyttää tietokoneita kovin hyvin joten jos saisin selkeät ohjeet päästä eroon näistä ongelmista.

Tässä koneessa oli Trojan-Downloader jonka ilmeisesti sain poistettua, ainakaan f-secure ei löydä enää mitään vikaa ja ewiro ei löydä enää mitään.

Kone kuitenkin takkuaa edelleen eli onkohan joku virus jäänyt kuitenkin vielä? brogram.exe niminen ohjelma pyytää vähän väliä lupaa päästä nettiin ja sen äsken annoin. Koneen käynnistyessä kone valittaa tiedostossa program~\newdot~1\newdot~1.dll olevan joku ongelma, mitä tarkoittaa?

Vanhojen keskustelujen ohjeita oon noudattanut, ja tän login hain. Toivottavasti oikein, miltäs näyttää?

Logfile of HijackThis v1.99.1
Scan saved at 12:43:17, on 14.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O18 - Protocol: bw+0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

-kemisti- · Jan 14, 2006

Haittaohjelma ainakin on.

Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

Hae LSPFix tuolta (joko se zippi tai sitten exe).
http://cexx.org/lspfix.htm

Tallenna se vaikka työpöydälle tai johonkin hakemistoon.

Avaa LSPFix

Laita rasti ruutuun, "I know what I’m doing".

Klikkaa vasemmassa ruudussa olevaa newdotnet3_88.dll , siirrä se oikealla olevaan ruutuun nuolinäppäimellä, klikkaa "Remove", paina Finish ja sulje LSPFix.

Poista, jos löytyy:

c:\program files\==>newdotnet<==

Käynnistä kone uudestaan ja lähetä uusi hijackthis-loki.

muusu · Jan 14, 2006

Tässä uusi logi, toi tolla uudella ohjelmalla poistettava tiedosto oli valmiiksi oikealla puolella ja mitään poisto nappia ei ollut. En sitten tiedä lähtikö se kuitenkin. Ja c:ltä ei löytynyt ton nimistä kansiota. Brogram.exe pyysi taas lupaa päästä nettiin, en nyt antanut lupaa. Kannattaako ens kerralla antaa?

Logfile of HijackThis v1.99.1
Scan saved at 13:38:16, on 14.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6B211570-6D1B-4981-B007-C52E6B14F12C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Huomasin vielä että tuolla taitaa olla vanhoja tulostimia turhaan? lexmark ja epson tulostimet ei ole enää käytössä. kannattaako tehdä jotain? epson ei suostu kontron paneelissa lähtemään

-kemisti- · Jan 14, 2006

Lähti se pois. Loki on kunnossa. Tuo Program.exe liittynee ewidoon (voit varmistaa asian polusta, jos se selviää F-securen ilmoituksesta).

muusu · Jan 14, 2006

Hetki sitten f-secure ilmoitti että Trojan-Downloader.Win32.InService.gi virus löytyy taas mun koneelta. Miten voi olla mahdollista kun en oo ladannut mitään ja hetki sitten kaikki oli vielä kunnossa. Mitä pitäisi tehdä? onko tossa f-securessa jotain tietoturva aukkoja?

spertti · Jan 14, 2006

Hae Ewido http://keskustelu.afterdawn.com/thread_view.cfm/269186
Tee ohjeiden mukaan ja lähetä sen raportti tänne.

-kemisti- · Jan 14, 2006

Sitten tehdään näin:

Hae eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
Asenna, päivitä, skannaa sivulla olevien ohjeiden mukaan. Lähetä sitten "örkkitulokset" tänne (ohje tuolla sivulla, alin kuva ja sen yläpuolella oleva teksti).

muusu · Jan 14, 2006

Ja f-secure ei siis sille osannut tehdä mitään. Miten sen poisto onnistuu helpoiten ja varmimmin?

spertti · Jan 14, 2006

Aja nuo molemmat siis sekä eScan, että Ewido, ja lähetä niiden raportit tänne.

muusu · Jan 14, 2006

Ewidon tulos oli tälläinen, tossa escanissa taitaa mennä vielä aikaa. Vajaan tunnin hakenut ja kolme löytöä näyttäs nyt olevan

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 15:30:55, 14.1.2006
+ Report-Checksum: 89CFA05C

+ Scan result:

:mozilla.20:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.fusk-access : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup

::Report End

spertti · Jan 14, 2006

Tuossa nyt ei ollut kuin muutama cookie. Oliko asetukset varmasti niinkuin tuossa linkissä neuvottiin? Eli "scan every file" ja "complete system scan"

muusu · Jan 14, 2006

Ei ollut . en hoksannut edes avata koko linkkiä kun ohjelma oli valmiiksi jo koneella.. nyt uusi haku oikeilla asetuksilla jos vaikka löytyy oikeita ongelmia

spertti · Jan 14, 2006

Juuh. Nyt sekin sitten skannaa "pikkaisen" pidempään =) Eli varmaankin tunnin verran menee siinä. Toivotaan, että syyllinen ongelmiin sieltä putkahtaa esiin =)

muusu · Jan 14, 2006

Tässä tulokset:

File C:\WINDOWS\system32\desktrf.exe tagged as not-a-virus:AdWare.Win32.Beginto.b. No Action Taken.
File C:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-108f9ab1.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Laura\Desktop\Kaikki\Ohjelmat\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
File C:\WINDOWS\system32\desktrf.exe tagged as not-a-virus:AdWare.Win32.Beginto.b. No Action Taken.

Ja

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:17:08, 14.1.2006
+ Report-Checksum: ABB14E11

+ Scan result:

:mozilla.18:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.fusk-access : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\rcdj8wh9.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup

::Report End

spertti · Jan 14, 2006

Laita piilotiedostot näkyviin, ohje ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944

Käynnistä vikasietotilaan ( F8 käynnistyksen yhteydessä )

Poista tämä vikasietotilassa

File C:\WINDOWS\system32\====>desktrf.exe<=======

Alkaako ongelmat jo hellittämään?

muusu · Jan 14, 2006

Mä en oo koskaan käyny vikasietotilassa, kertositko tarkemmat ohjeet? onko siellä on valmiina joku lista mistä valitsen ton nimisen tiedoston joka poistetaan? miten sieltä pääsee pois?

Tonski · Jan 14, 2006

Näin: Paina F8 käynnistyksen yhteydessä ja mene tuohon spertin antamaan tiedostopolkuun ja poista sieltä tiedosto desktrf.exe

spertti · Jan 14, 2006

Eli kun käynnistät koneen ja kuulet piippauksen alat tasaisin väliajoin painaa F8 näppäintä. Eteesi pitäisi tulla valikko missä lukee erilaisia vaihtoehtoja. Valitse vikasietotila ilman verkkotoimintoja ( Engl: Safe Mode )

Pois vikasietotilasta pääset ihan vain käynnistämällä koneen uudestaan normaalisti.

Ei siellä mitään peloittavaa ole. Näyttää vain paljon askeettisemmalta kuin perus Windowsin työpöytä...

Ja sinne vikasietotilaan pääsee myös hieman säätämällä, eli näin jos tuo ei onnistu.

käynnistä -> suorita -> msconfig -> Boot.ini välilehti ja sieltä /safemode kohdalle ruksi -> ok.

Käynnistä kone uudelleen ja pitäisi aueta vikasietotila.
Poistettuasi sen filun tee sama juttu toisinpäin vain eli ruksi pois, jotta kone käynnistyy normaalisti seuraavassa bootissa.

muusu · Jan 14, 2006

Ei ollut niin vaikeaa kun kuvittelin Nyt siis tein noiden ohjeiden mukaan ja sain sen tiedoston poistettua. Mitäs sitten? Jostain syystä tää kone alko tökkimään entistä pahemmin.. Ja konetta avatessa tuli joku ilmotus invalid backweb application

spertti · Jan 14, 2006

Tuo Backweb ilmoitus koskee todennäköisesti F-Securea. Oletkos ajanut SpyBot Search and destroyta ikinä tuolla koneella? Se nimittäin luulee tuota Backwebiä virukseksi, ja poistaa sen.

Tuo poistamasi desktrf.exe ei kyllä kyseistä ongelmaa ainakaan voi aiheuttaa.

Log in or Sign up

Viruksia koneessa/ kone hidas, hjt logi

muusu Member

-kemisti- Active member

muusu Member

-kemisti- Active member

muusu Member

spertti Active member

-kemisti- Active member

muusu Member

spertti Active member

muusu Member

spertti Active member

muusu Member

spertti Active member

muusu Member

spertti Active member

muusu Member

Tonski Regular member

spertti Active member

muusu Member

spertti Active member

Share This Page

Log in or Sign up

Viruksia koneessa/ kone hidas, hjt logi

muusu Member

-kemisti- Active member

muusu Member

-kemisti- Active member

muusu Member

spertti Active member

-kemisti- Active member

muusu Member

spertti Active member

muusu Member

spertti Active member

muusu Member

spertti Active member

muusu Member

spertti Active member

muusu Member

Tonski Regular member

spertti Active member

muusu Member

spertti Active member

Share This Page

Useful Searches