HJT log
Kakkara
Newbie

9 May 2006 @ 04:21
So here's this kind of case. Norton found it, but couldn't do anything about it. You probably know how. Thanks in advance!



Logfile of HijackThis v1.99.1
Scan saved at 14:52:09, on 8.5.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
c:\winnt\system32\alert.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\winnt\system32\drivers\lssas.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\MSGSRVR.EXE
C:\WINNT\System32\UMonit2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\catroot\FireDaemon.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\catroot\scvhost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.em-kone.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Config Loader] scvhosl.exe
O4 - HKLM\..\Run: [dllsys] C:\WINNT\dllsys.exe
O4 - HKLM\..\Run: [Microsoft Update] MSGSRVR.EXE
O4 - HKLM\..\Run: [Microsoft Office] c:\winnt\system32\telnet.bat
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\UMonit2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [Config Loader] scvhosl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSGSRVR.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF59C56E-12EC-4233-AB0C-B87ABFADACAA}: NameServer = 193.229.0.40,193.229.0.42
O18 - Protocol: bw+0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Msevent alerter - Unknown owner - c:\winnt\system32\alert.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FireDaemon Service: System (System) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: FireDaemon Service: winnt32 (winnt32) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
AfterDawn Addict
9 May 2006 @ 05:16
There's certainly a bit of this and that in there.

Fix with HJT (do a system scan only, check these and press fix checked):

O4 - HKLM\..\Run: [Config Loader] scvhosl.exe
O4 - HKLM\..\Run: [dllsys] C:\WINNT\dllsys.exe
O4 - HKLM\..\Run: [Microsoft Update] MSGSRVR.EXE
O4 - HKLM\..\Run: [Microsoft Office] c:\winnt\system32\telnet.bat
O4 - HKLM\..\RunServices: [Config Loader] scvhosl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] MSGSRVR.EXE
O23 - Service: Msevent alerter - Unknown owner - c:\winnt\system32\alert.exe


Did you install that FireDaemon yourself? If not, fix these as well:

O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: FireDaemon Service: System (System) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE
O23 - Service: FireDaemon Service: winnt32 (winnt32) - Unknown owner - C:\WINNT\system32\catroot\\FireDaemon.EXE


Then Start -> Run -> services.msc -> OK
Find in the list

Msevent alerter
FireDaemon Service: Secure (Secure)
FireDaemon Service: System (System)
FireDaemon Service: winnt32 (winnt32) (the bottom three only if you had not installed FireDaemon yourself)

Double-click them, press Stop and set the startup type to Disabled.

Open HJT -> open misc tools -> delete nt service

Enter these one at a time and click OK.

Msevent alerter
Secure
System
winnt32
(the bottom three only if you had not installed FireDaemon yourself)

Download and save Blacklight (http://www.f-secure.com/blacklight/try.shtml) to your desktop;

Double-click blbeta.exe, accept the agreement, click > Scan, then > Next

You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers).

Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because good files may be included, such as "wbemtest.exe".

Download, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Boot into safe mode (F8 during startup)

Delete, if found:

c:\winnt\system32\alert.exe
c:\winnt\system32\drivers\lssas.exe
C:\WINNT\system32\catroot\scvhost.exe
(C:\WINNT\system32\catroot\FireDaemon.EXE) (if you had not installed FireDaemon yourself)
c:\winnt\system32\telnet.bat
C:\WINNT\dllsys.exe
scvhosl.exe
MSGSRVR.EXE (look for these with the Search function)

Scan with ewido, let it remove what it finds and save the report.

Restart, then post the ewido and Blacklight reports and a new HJT log.

This message has been edited since it was posted. Last edited 9 May 2006 @ 05:18
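Several of the files named in the reply above (lssas.exe, scvhost.exe, scvhosl.exe) differ by only a character or two from genuine Windows process names. The following Python script is an added example, not part of the original thread: it scans the running-process, O4 and O23 lines of a HijackThis log for such lookalike names. The `SYSTEM_NAMES` list and the distance limits are assumptions of this example.

```python
import re

# Core Windows process names that malware often imitates. This list and the
# limits used below are assumptions of this example, not part of HijackThis.
SYSTEM_NAMES = ["lsass.exe", "svchost.exe", "smss.exe", "winlogon.exe",
                "services.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"]

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
c:\winnt\system32\drivers\lssas.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\catroot\scvhost.exe
C:\WINNT\system32\MSGSRVR.EXE

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Config Loader] scvhosl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Config Loader] scvhosl.exe
O23 - Service: Msevent alerter - Unknown owner - c:\winnt\system32\alert.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
"""

# Last path component ending in an executable extension. Names containing
# spaces are cut at the last space, which does not matter for this comparison.
EXE_RE = re.compile(r'[^\\/"\s\[\]]+\.(?:exe|bat|com|scr|pif)\b', re.IGNORECASE)
PROCESS_PATH_RE = re.compile(r'^[A-Za-z]:\\')


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def imitated_name(name):
    """Return the system name that `name` nearly matches, or None."""
    if name in SYSTEM_NAMES:
        return None  # exact match: the real name, not a lookalike
    for system_name in SYSTEM_NAMES:
        # Short names get a tighter limit to keep false positives down.
        limit = 1 if len(system_name) <= 9 else 2
        if osa_distance(name, system_name) <= limit:
            return system_name
    return None


def find_lookalikes(log_text):
    """Map each lookalike file name to the name it imitates and the log
    lines (running process, O4 autostart, O23 service) where it appears."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not (PROCESS_PATH_RE.match(line) or line.startswith(("O4 -", "O23 -"))):
            continue
        for name in {m.lower() for m in EXE_RE.findall(line)}:
            target = imitated_name(name)
            if target:
                entry = findings.setdefault(name, {"imitates": target, "lines": []})
                entry["lines"].append(line)
    return findings


if __name__ == "__main__":
    for name, info in sorted(find_lookalikes(SAMPLE_LOG).items()):
        print(f"{name} resembles {info['imitates']}:")
        for line in info["lines"]:
            print("   ", line)
```

A name match alone says nothing about files such as alert.exe or MSGSRVR.EXE, which were picked out in the reply on other grounds, so this check complements manual review of the log rather than replacing it.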

Kakkara
Newbie

10 May 2006 @ 09:53
The fixes should be done now. How does it look?

Logfile of HijackThis v1.99.1
Scan saved at 11:08:48, on 10.5.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\UMonit2k.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.em-kone.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\UMonit2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF59C56E-12EC-4233-AB0C-B87ABFADACAA}: NameServer = 193.229.0.40,193.229.0.42
O18 - Protocol: bw+0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4285D6BE-BC41-4DDB-BBDB-5328DEDDDDF7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:02:10, 10.5.2006
+ Report-Checksum: C4EAFC2F

+ Scan result:

C:\Documents and Settings\Arja\Cookies\arja@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-1844237615-839522115-1000\Dc4.exe -> Backdoor.Iroffer.1213.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-1844237615-839522115-1000\Dc5.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup
C:\WINNT\system32\CatRoot\info.exe -> Trojan.Logg : Cleaned with backup


::Report End


05/10/06 09:49:24 [Info]: BlackLight Engine 1.0.36 initialized
05/10/06 09:49:24 [Info]: OS: 5.0 build 2195 (Service Pack 4)
05/10/06 09:49:24 [Note]: 7019 4
05/10/06 09:49:24 [Note]: 7005 0
05/10/06 09:49:44 [Note]: 7006 0
05/10/06 09:49:44 [Note]: 7011 1116
05/10/06 09:49:44 [Note]: 7026 0
05/10/06 09:49:44 [Note]: 7026 0
05/10/06 09:49:48 [Note]: FSRAW library version 1.7.1015
05/10/06 09:50:43 [Note]: 2000 1006
05/10/06 09:50:43 [Note]: 2000 1006
05/10/06 09:51:20 [Note]: 7007 0
AfterDawn Addict
10 May 2006 @ 10:01
Looks good :)

There is one thing you have to do, though, because your machine had a password-stealing trojan on it:

C:\WINNT\system32\CatRoot\info.exe -> Trojan.Logg : Cleaned with backup

Change all your online passwords (e-mail, discussion forums),
and contact your online bank and credit card company to ask whether there has been any misuse.
Kakkara
Newbie
11 May 2006 @ 10:28
Thanks a lot for the help! I guess I really do need to change the most important passwords.

Oh, right. There's one more problem. Could you maybe say something about it?

When scanning, Norton AntiVirus says that 1 item is infecting and asks whether to fix it. When you say yes, this message appears:

navw32.exe-aloituskohtaa ei löydy
proseduurin aloituskohtaa GetRawInputDeviceList ei löydy dynaamisesti
linkitettävästä kirjastosta USER32.dll

When you click OK, a window appears with text (abbreviated, roughly):
Norton AV was unable to... Some NAV components are missing.

Norton takes you to Symantec's site and offers an autofix that can't do anything. Then you're asked to send a message, which they promise to answer within 48 hours. When you then follow the reply, you get to answer a survey:
1 if you have a problem again, will you definitely contact us
2 if your friend has a problem, would you recommend us

After that, nothing happens.
AfterDawn Addict
11 May 2006 @ 11:51
So what is that Norton detection, and where is it located?
Kakkara
Newbie
12 May 2006 @ 05:00
Well, that's just it. When it reports that 1 item is infecting... and then when you press scan or something like that, Norton gives that error message saying that some components are missing and the scan couldn't be performed. So I don't know what it might be.
Kakkara
Newbie
12 May 2006 @ 05:08
Correction...

1 item is affecting.

- offers the option "fix now"

- starts fixing: "Fixin 1 item" and then immediately complains

that the navw32.exe entry point can't be found
AfterDawn Addict
12 May 2006 @ 05:57
Well, it's pretty much impossible to say anything about that :(
One option is to uninstall and reinstall Norton.
Kakkara
Newbie
12 May 2006 @ 05:58
That was also suggested on Norton's site, and we tried that too, but it didn't help. Oh well, can't be helped. But the main thing is that the computer otherwise works fine now. Thanks once again! :)
AfterDawn Addict
12 May 2006 @ 06:25
You're welcome :)

If you like, you can still try removing Norton following these instructions -> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/20050331...
and then reinstalling it afterwards.